Re: [Tails-dev] AppArmor in Live systems, state of the union

Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] AppArmor in Live systems, state of the union
On 10/20/14, intrigeri <intrigeri@???> wrote:
> Hi folks,
>
> [Cc'ing my fellow Tails developers, and also the Freepto ones who
> might be interested.]
>
> I'm super happy to tell you that we've now released Tails 1.2,
> finally with some minimal AppArmor support! :)
>
> Our implementation is described on
> https://tails.boum.org/contribute/design/application_isolation/


Congratulations! I've been using Tails with AppArmor and I'm pretty
happy at how well it works.

There is one hitch for me and it is largely a development issue:

I've recently released tlsdate 0.0.11 - part of the release was aiming
to target Tails. Sadly, I found that the AppArmor profiles were
totally broken as expected because of the UnionFS issues. I'm happy to
spin another release and I'd like to update the upstream AppArmor
profiles in a way that will benefit Tails directly. What do you think
is the best way to write the upstream policies so that they work in
normal Debian and in (live distros like) Tails?

All the best,
Jacob