Feature #12125

Bug #9534: Tighten AppArmor policy

Mount a tmpfs on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp AppArmor abstraction

Added by intrigeri 5 months ago. Updated 2 months ago.

Status: Resolved
Start date: 01/09/2017
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: Tails_2.12
QA Check: Pass
Blueprint:
Feature Branch: feature/12125-tmpfs-on-var-tmp
Easy:
Type of work: Code
Affected tool:

Related issues

Related to Tails - Bug #9949: Audit AppArmor policy vs. hard links (In Progress, 08/08/2015)

Associated revisions

Revision 04a32272
Added by intrigeri 4 months ago

Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction (refs: #12125).

See https://labs.riseup.net/code/issues/9949#note-23 for details.

Revision 96c4fab5
Added by anonym 3 months ago

Merge remote-tracking branch 'origin/feature/12125-tmpfs-on-var-tmp' into devel

Fix-committed: #12125

History

#1 Updated by intrigeri 5 months ago

  • Related to Bug #9949: Audit AppArmor policy vs. hard links added

#2 Updated by intrigeri 4 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to feature/12125-tmpfs-on-var-tmp

#3 Updated by intrigeri 4 months ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 10 to 40
  • QA Check set to Ready for QA

Passes the test suite on Jenkins. Note: I did not verify that what I did indeed results in a tmpfs being mounted on /var/tmp (because 1. I was optimistic; and 2. you would have to check it anyway while reviewing'n'merging). So if you prefer, reassign to me and I'll check myself.

#4 Updated by anonym 3 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 40 to 100
  • QA Check changed from Ready for QA to Pass

Fix verified! Merged!

#5 Updated by anonym 2 months ago

  • Status changed from Fix committed to Resolved
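
Note #3 leaves open whether a tmpfs really ends up mounted on /var/tmp. One way to check that from the mount table is sketched below as an added example; it is not code from the Tails repository. The sample tables are constructed and the function names are hypothetical; the check relies on link(2) failing with EXDEV across mount points.

```python
import os
import re

# Constructed mount tables in /proc/self/mounts format (not captured from Tails).
BEFORE = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
AFTER = BEFORE + "tmpfs /var/tmp tmpfs rw,nosuid,nodev 0 0\n"

def parse_mounts(text):
    """Return [(mount_point, fstype), ...] in table order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point, fields[2]))
    return mounts

def mount_for(path, mounts):
    """Mount backing path: longest mount point prefix; a later entry wins ties."""
    path = os.path.normpath(path)
    best = None
    for point, fstype in mounts:
        if path == point or path.startswith(point.rstrip("/") + "/"):
            if best is None or len(point) >= len(best[0]):
                best = (point, fstype)
    return best

def is_dedicated_tmpfs(path, mounts):
    """True only when path is itself a mount point whose filesystem is tmpfs."""
    return mount_for(path, mounts) == (os.path.normpath(path), "tmpfs")

def same_mount(a, b, mounts):
    """link(2) returns EXDEV across mount points, so hard links need this to be True."""
    ma, mb = mount_for(a, mounts), mount_for(b, mounts)
    return ma is not None and mb is not None and ma[0] == mb[0]

if __name__ == "__main__":
    with open("/proc/self/mounts") as f:
        live = parse_mounts(f.read())
    print("/var/tmp dedicated tmpfs:", is_dedicated_tmpfs("/var/tmp", live))
    print("/var/tmp shares a mount with /var/lib:", same_mount("/var/lib", "/var/tmp", live))
```

Run on the live system, the first line should print True and the second False once the dedicated mount is in place.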
