Install upstream apparmor profiles in sd-svs-disp #384

emkll · 2019-12-20T15:06:38Z

(initially reported in #234 (comment))
We have a large number of applications installed in sd-svs-disp, and many of them have community maintained apparmor profiles (apparmor-utils, apparmor-profiles, apparmor-profiles-extra). This will ensure these applications will only access system functionality or files that are strictly required, when opening potentially malicious submission. This will provide further assurances and defense in depth.

While it would be nice-to-have in other VMs as well, I think the priority would be having these in sd-svs-disp vms.

The text was updated successfully, but these errors were encountered:

emkll added the security label Dec 20, 2019

emkll added this to the 0.2.0beta milestone Dec 20, 2019

emkll changed the title ~~Audit and install upstream apparmor profiles in sd-svs-disp~~ Install upstream apparmor profiles in sd-svs-disp Dec 20, 2019

emkll mentioned this issue Dec 20, 2019

Install apparmor profiles in sd-svs-disp freedomofpress/securedrop-builder#118

Merged

3 tasks

kushaldas closed this as completed in freedomofpress/securedrop-builder#118 Jan 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Install upstream apparmor profiles in sd-svs-disp #384

Install upstream apparmor profiles in sd-svs-disp #384

emkll commented Dec 20, 2019 •

edited

Loading

Install upstream apparmor profiles in sd-svs-disp #384

Install upstream apparmor profiles in sd-svs-disp #384

Comments

emkll commented Dec 20, 2019 • edited Loading

emkll commented Dec 20, 2019 •

edited

Loading