Commit 47d70da0 authored by intrigeri's avatar intrigeri

Update various contributors doc: aufs → overlayfs (refs: #17451)

parent 91fc085d
......@@ -85,11 +85,6 @@ To learn how the new kernel works for us:
run our entire test suite (`+force-all-tests`). But since this
branch has no commit on top of `devel`, Jenkins will ignore it, so
you need to create a dummy commit.
2. Adjust the `aufs` submodule: in the `submodules/aufs-standalone`
directory, use `git fetch` and `git branch -a` to find the most
suitable branch for this kernel version, check it out, then move
back to the top level directory. `git diff` should show an updated
`Subproject commit` accordingly, and that can be committed.
3. Push this new branch to our CI.
4. Set the _Feature Branch_ field on the ticket to the name of your
new branch.
......
......@@ -625,7 +625,7 @@ aims at recovering a Live system's in-memory filesystem and partial
recovery of its previously deleted contents. Most current Live systems
do not protect against that kind of attacks: at best, they erase free
memory on shutdown, leaving intact in memory any data saved in the
unionfs/aufs ramdisk branch.
unionfs (aufs, overlayfs, etc.) ramdisk branch.
This was
[discussed](http://archives.seul.org/or/talk/Jan-2011/msg00137.html)
......
......@@ -60,10 +60,10 @@ non-standard ports. Port restrictions are a pretty weak defense any
way since just *one* open port is enough to do anything.
The Unsafe Browser is run inside a chroot consisting of a throw away
aufs union between a read-only version of the pre-boot Tails
overlayfs union between a read-only version of the pre-boot Tails
filesystem, and a tmpfs as the rw branch. Hence, the post-boot
filesystem (which contains all user data) isn't available to the
Unsafe Browser within the chroot. The chroot and aufs union is created
Unsafe Browser within the chroot. The chroot and overlayfs union is created
upon Unsafe Browser start, and is torn down after it exits, forcefully
killing any remaining processes run from inside it.
......
......@@ -338,17 +338,9 @@ back some paths that were rewritten.
overlayfs
---------
[overlayfs](https://git.kernel.org/cgit/linux/kernel/git/mszeredi/vfs.git/tree/Documentation/filesystems/overlayfs.txt?h=overlayfs.current)
is another kind of union filesystem. It has been merged in
Linux mainline, and is supported by live-boot 5.
overlayfs works differently from aufs, in ways that give hope that it
might be easier for AppArmor to support it natively.
Some ongoing work on AppArmor (labeling, extended conditionals) will
help support overlayfs. Time will tell whether the result meets
our needs.
See [[!tails_ticket 9045]] for more up-to-date information.
help support overlayfs with less kludges. Time will tell whether the
result meets our needs.
<a id="linux-containers"></a>
......
......@@ -15,7 +15,6 @@ Requirements
To release Tails you'll need some packages installed:
* `tidy mktorrent transmission-cli`
* aufs DKMS module for your running kernel.
* [[!debpts squashfs-tools]] 1:4.4-1+0.tails1
from our custom `iukbuilder-stretch` APT suite.
* `iuk` [[dependencies|contribute/release_process/tails-iuk]]
......
......@@ -57,7 +57,7 @@ Priorities for the next years
- <strike>**Release Tails 4.0 based on Debian Buster** ([[Version 4.0|news/version_4.0]])</strike> [DONE]
- **Solve important usability issues** in our core applications ([[!tails_ticket 14544]])
- **Port complex shell scripts to Python** ([[!tails_ticket 11198]], [[Blueprint|blueprint/Port_shell_scripts_to_Python]])
- **Migrate from `aufs` to `overlayfs`** ([[!tails_ticket 8415]])
- <strike>**Migrate from `aufs` to `overlayfs`** ([[!tails_ticket 8415]])</strike> [DONE]
- **Have more robust time synchronization** when starting Tails ([[!tails_ticket 5774]], [[Blueprint|blueprint/robust_time_syncing]])
- <strike>**Migrate to *Tor Launcher* integrated into *Tor Browser*** ([[!tails_ticket 15709]])</strike> [DONE]
- **Upstream our security improvements to the *Thunderbird* autoconfiguration** ([[!tails_ticket 6156]])
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment