Bug #9756: Tighten AppArmor policy, phase 1

Bug #9756

Tighten AppArmor policy, phase 1

Added by intrigeri 2015-07-18 07:58:32 . Updated 2015-08-11 10:46:13 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_1.5

Start date:

2015-06-06

Due date:

% Done:

100%

Feature Branch:

bugfix/8007-AppArmor-hardening

Type of work:

Code

Blueprint:

https://tails.boum.org/blueprint/harden_AppArmor_profiles/

Starter:

Affected tool:

Deliverable for:

Description

The plan here is to stabilize for Tails 1.5 the subset of ~~Bug #9534~~ that’s almost done.

Subtasks

Feature #9539: Install the apparmor-profiles package

Resolved

100

Bug #9558: Tor Browser confinement allows downloading to /tmp

Resolved

100

Bug #9552: Fix Vidalia's access to its configuration with hardened AppArmor policy

Resolved

100

Feature #9755: Test hardened AppArmor policy on a system with an incremental upgrade applied

Resolved

100

Bug #9537: Fix torrc renaming with hardened AppArmor policy

Resolved

100

Bug #9757: Remove AppArmor profiles we don't use

Resolved

100

Related issues

Blocks Tails - ~~Feature #9337~~: Notify the user when AppArmor blocks anything

Rejected

2017-06-27

History

#1 Updated by intrigeri 2015-07-18 07:58:47

Parent task set to ~~Bug #9534~~

#2 Updated by intrigeri 2015-07-18 10:24:49

Description updated

#3 Updated by intrigeri 2015-07-19 06:31:42

blocks ~~Feature #9337~~: Notify the user when AppArmor blocks anything added

#4 Updated by intrigeri 2015-07-29 01:09:14

Status changed from Confirmed to In Progress

#5 Updated by intrigeri 2015-07-29 01:52:23

Assignee deleted (~~intrigeri~~)
QA Check set to Ready for QA

I’m now happy with the current state of this branch => please review’n’merge.

#6 Updated by kytv 2015-08-03 17:45:27

I did a quick review of the profile changes and it looked good. I’ll do a more thorough review later as well as some test suite runs.

#7 Updated by intrigeri 2015-08-04 02:04:47

Assignee set to kytv

Setting an assignee, then. U wanted to have a look as well.

#8 Updated by Anonymous 2015-08-04 08:24:26

Assignee deleted (~~kytv~~)

assigning to myself for review

#9 Updated by Anonymous 2015-08-05 05:34:10

Assignee deleted ()
QA Check changed from Ready for QA to Pass

Reviewed this branch, and from my pov this can be merged.

#10 Updated by anonym 2015-08-05 05:38:52

Assignee set to kytv

Wanna have an extra look before I merge?

#11 Updated by kytv 2015-08-05 06:40:34

anonym wrote:
> Wanna have an extra look before I merge?

On it. Will additionally do some manual spot checking on an ISO built from this branch with devel merged.

#12 Updated by kytv 2015-08-05 08:32:06

Looking good. I noticed bugfix/8007-AppArmor-hardening was updated. I’ll build another iso. :)

#13 Updated by anonym 2015-08-05 09:50:21

Assignee changed from kytv to intrigeri
QA Check changed from Pass to Ready for QA

I’ve fixed the issues intrigeri found with this branch vs feature/8548-tor-browser-5.0 (now merged), or at least with the conflict resolution I did in experimental.

#14 Updated by kytv 2015-08-05 10:19:47

+1 from me.

#15 Updated by intrigeri 2015-08-05 13:23:12

Status changed from In Progress to Fix committed

Applied in changeset commit:cf59444d1d361e4045de92717c38c0184e0ac694.

#16 Updated by intrigeri 2015-08-05 13:24:20

Assignee deleted (~~intrigeri~~)
QA Check changed from Ready for QA to Pass

#17 Updated by BitingBird 2015-08-11 10:46:13

Status changed from Fix committed to Resolved