Re: [Tails-dev] Sandboxing Tor Browser: strategy for trackin…

Delete this message

Reply to this message
Author: bertagaz
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Sandboxing Tor Browser: strategy for tracking "upstream" AppArmor profile
On Fri, Jan 23, 2015 at 08:50:28PM +0100, intrigeri wrote:
>
> I'm working on #5525 ("Sandbox the web browser"), and have an AppArmor
> profile that works locally for most basic use cases. Now, I'm
> wondering how to integrate it into Tails and I need your input.
>
> I think we have two solutions:
>
>    1. Download "upstream" profile and apply Tails-specific patch at
>       ISO build time

>
>    2. Ship a forked profile in our Git repository

>
> => I'm in favor of #1.
>
> Thoughts, opinions, volunteers?


While I think I could help with maintaining this profile when it breaks
the build, I'm not much comfortable with this option from my CI hat point
of view. It means that every devs would be notified of this breakage if/when
automatic builds will be deployed. I can see the mailbombing coming, and
devs and contributors ranting on the list.

If #1 is chosen, we could maybe have a dedicated jenkins jobs to test if
our Tails specific patches don't apply.

Also, I'm running myself a Torbrowser contained by an apparmor profile
since something like 4 or 5 Torbrowser releases, and it did break for only
one of them, so this scenario might not happen so often.

Maybe we could also make this build time automatic merge being less
destructive for the build: if the merge doesn't work, the build goes on
but notify that the apparmor profile is out of sync, and that the
torbrowser is probably broken.

So I'm not firmly opposed to #1, and I dislike #2, but would prefer #1 to
be a bit more gentle.

bert.