Project

General

Profile

Feature #12125

Bug #9534: Tighten AppArmor policy

Mount a tmpfs on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp AppArmor abstraction

Added by intrigeri 11 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
01/09/2017
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
feature/12125-tmpfs-on-var-tmp
Type of work:
Code
Blueprint:
Easy:
Affected tool:

Related issues

Related to Tails - Bug #9949: Audit AppArmor policy vs. hard links In Progress 08/08/2015

Associated revisions

Revision 04a32272 (diff)
Added by intrigeri 9 months ago

Mount a dedicated filesystem on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp abstraction (refs: #12125).

See https://labs.riseup.net/code/issues/9949#note-23 for details.

Revision 96c4fab5
Added by anonym 8 months ago

Merge remote-tracking branch 'origin/feature/12125-tmpfs-on-var-tmp' into devel

Fix-committed: #12125

History

#1 Updated by intrigeri 11 months ago

  • Related to Bug #9949: Audit AppArmor policy vs. hard links added

#2 Updated by intrigeri 9 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to feature/12125-tmpfs-on-var-tmp

#3 Updated by intrigeri 9 months ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 10 to 40
  • QA Check set to Ready for QA

Passes the test suite on Jenkins. Note: I did not verify that what I did indeed results in a tmpfs being mounted on /var/tmp (because 1. I was optimistic; and 2. you would have to check it anyway while reviewing'n'merging). So if you prefer, reassign to me and I'll check myself.

#4 Updated by anonym 8 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 40 to 100
  • QA Check changed from Ready for QA to Pass

Fix verified! Merged!

#5 Updated by anonym 7 months ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF