Bug #9756

Tighten AppArmor policy, phase 1

Added by intrigeri 2015-07-18 07:58:32 . Updated 2015-08-11 10:46:13 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2015-06-06
Due date:
% Done:

100%

Feature Branch:
bugfix/8007-AppArmor-hardening
Type of work:
Code
Starter:
Affected tool:
Deliverable for:

Description

The plan here is to stabilize for Tails 1.5 the subset of Bug #9534 that’s almost done.


Subtasks

Feature #9539: Install the apparmor-profiles package Resolved

100

Bug #9558: Tor Browser confinement allows downloading to /tmp Resolved

100

Bug #9552: Fix Vidalia's access to its configuration with hardened AppArmor policy Resolved

100

Feature #9755: Test hardened AppArmor policy on a system with an incremental upgrade applied Resolved

100

Bug #9537: Fix torrc renaming with hardened AppArmor policy Resolved

100

Bug #9757: Remove AppArmor profiles we don't use Resolved

100


Related issues

Blocks Tails - Feature #9337: Notify the user when AppArmor blocks anything Rejected 2017-06-27

History

#1 Updated by intrigeri 2015-07-18 07:58:47

#2 Updated by intrigeri 2015-07-18 10:24:49

  • Description updated

#3 Updated by intrigeri 2015-07-19 06:31:42

  • blocks Feature #9337: Notify the user when AppArmor blocks anything added

#4 Updated by intrigeri 2015-07-29 01:09:14

  • Status changed from Confirmed to In Progress

#5 Updated by intrigeri 2015-07-29 01:52:23

  • Assignee deleted (intrigeri)
  • QA Check set to Ready for QA

I’m now happy with the current state of this branch => please review’n’merge.

#6 Updated by kytv 2015-08-03 17:45:27

I did a quick review of the profile changes and it looked good. I’ll do a more thorough review later as well as some test suite runs.

#7 Updated by intrigeri 2015-08-04 02:04:47

  • Assignee set to kytv

Setting an assignee, then. U wanted to have a look as well.

#8 Updated by Anonymous 2015-08-04 08:24:26

  • Assignee deleted (kytv)

assigning to myself for review

#9 Updated by Anonymous 2015-08-05 05:34:10

  • Assignee deleted ()
  • QA Check changed from Ready for QA to Pass

Reviewed this branch, and from my pov this can be merged.

#10 Updated by anonym 2015-08-05 05:38:52

  • Assignee set to kytv

Wanna have an extra look before I merge?

#11 Updated by kytv 2015-08-05 06:40:34

anonym wrote:
> Wanna have an extra look before I merge?

On it. Will additionally do some manual spot checking on an ISO built from this branch with devel merged.

#12 Updated by kytv 2015-08-05 08:32:06

Looking good. I noticed bugfix/8007-AppArmor-hardening was updated. I’ll build another iso. :)

#13 Updated by anonym 2015-08-05 09:50:21

  • Assignee changed from kytv to intrigeri
  • QA Check changed from Pass to Ready for QA

I’ve fixed the issues intrigeri found with this branch vs feature/8548-tor-browser-5.0 (now merged), or at least with the conflict resolution I did in experimental.

#14 Updated by kytv 2015-08-05 10:19:47

+1 from me.

#15 Updated by intrigeri 2015-08-05 13:23:12

  • Status changed from In Progress to Fix committed

Applied in changeset commit:cf59444d1d361e4045de92717c38c0184e0ac694.

#16 Updated by intrigeri 2015-08-05 13:24:20

  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass

#17 Updated by BitingBird 2015-08-11 10:46:13

  • Status changed from Fix committed to Resolved