Add Apparmor #101

ghost · 2014-01-15T18:42:09Z

https://wiki.debian.org/AppArmor/HowTo

ghost · 2014-02-01T21:53:53Z

from tails blog:
A critical problem with stacked filesystems, such as aufs, must be fixed at upstream level before we can use AppArmor in Tails. It should be fixed in AppArmor 3.0, which is scheduled for 2013 Q3.

It can be workaround'd if https://bugs.launchpad.net/apparmor/+bug/888077 is fixed (a month or two of dev time, we're told), or by adding "Kernel based alias support" (being discussed privately, stay tuned).

https://bugs.launchpad.net/ubuntu/+source/casper/+bug/131976

boyska · 2014-02-07T13:52:23Z

I propose to defer this to the next version (the one after 0.2)

ghost · 2014-02-07T15:14:55Z

I agree. Removed

intrigeri · 2015-06-19T17:25:39Z

FYI the limitations quoted above are not that hard to workaround: https://tails.boum.org/contribute/design/application_isolation/. See also Tails bugfix/8007-AppArmor-hardening branch for more recent (still not ready nor merged) progress on this front -- especially the design doc should help understand what's going on.

ghost self-assigned this Feb 1, 2014

ghost modified the milestone: v0.2 Feb 7, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Apparmor #101

Add Apparmor #101

ghost commented Jan 15, 2014

ghost commented Feb 1, 2014

boyska commented Feb 7, 2014

ghost commented Feb 7, 2014

intrigeri commented Jun 19, 2015

Add Apparmor #101

Add Apparmor #101

Comments

ghost commented Jan 15, 2014

ghost commented Feb 1, 2014

boyska commented Feb 7, 2014

ghost commented Feb 7, 2014

intrigeri commented Jun 19, 2015