1. 28 Jun, 2018 13 commits
  2. 19 Jun, 2018 2 commits
  3. 06 Jun, 2018 4 commits
    • Ensure the amnesia user can cross the /media/tails-persistence-setup/... · f92d53d5
      intrigeri authored
      Ensure the amnesia user can cross the /media/tails-persistence-setup/ directory boundary (refs: #15566)
      
      … by creating that directory via a live-config hook, with appropriate
      ownership and permissions.
      
      A newly created persistent volume is mounted on
      /media/tails-persistence-setup/TailsData by t-p-s (via udisks2). At the end of
      the (new) persistent volume configuration process, we display a "gear" icon that,
      when clicked, starts tails-additional-software-config as the amnesia user.
      tails-additional-software-config needs to read
      /media/tails-persistence-setup/TailsData/live-additional-software.conf
      (otherwise tails-additional-software-config pretends no ASP is configured yet).
      Without these custom, relaxed permissions, that would be impossible: by default,
      /media/tails-persistence-setup is created (presumably by udisks2) with
      permissions 0700 and owned by tails-persistence-setup:root.
      
      This change is safe because:
      
      1. /media/tails-persistence-setup/TailsData is the only thing that ever gets
         created under /media/tails-persistence-setup;
      2. TailsData, i.e. the root of the persistent filesystem, is world-readable
         so under normal circumstances, when Tails was started with the persistent
         volume unlocked, the amnesia user would be allowed to access it anyway.
      
      Still, this change does not seem to be enough to fix the UX problem we're after
      here. For some reason tails-additional-software-config still pretends that no
      ASP is configured yet, even though it does seem to have all the permissions it
      needs to list them: see https://labs.riseup.net/code/issues/15566#note-7
      for details.
    • Give up on, and revert, the tmpfiles.d-based implementation of "Ensure the... · 81749e2b
      intrigeri authored
      Give up on, and revert, the tmpfiles.d-based implementation of "Ensure the amnesia user can cross the /media/tails-persistence-setup/ directory boundary (refs: #15566)"
      
      Even a numeric GID won't work when we run before the corresponding group
      is created.
      
      This reverts commits ab6dfff1
      and 2ced3c98.
    • Use numeric GID: we start systemd-tmpfiles-setup.service before live-config,... · 2ced3c98
      intrigeri authored
      Use numeric GID: we start systemd-tmpfiles-setup.service before live-config, which creates the amnesia group (refs #15566).
    • Ensure the amnesia user can cross the /media/tails-persistence-setup/... · ab6dfff1
      intrigeri authored
      Ensure the amnesia user can cross the /media/tails-persistence-setup/ directory boundary (refs: #15566)
      
      A newly created persistent volume is mounted on
      /media/tails-persistence-setup/TailsData by t-p-s (via udisks2). At the end of
      the (new) persistent volume configuration process, we display a "gear" icon that,
      when clicked, starts tails-additional-software-config as the amnesia user.
      tails-additional-software-config needs to read
      /media/tails-persistence-setup/TailsData/live-additional-software.conf
      (otherwise tails-additional-software-config pretends no ASP is configured yet).
      Without these custom, relaxed permissions, that would be impossible: by default,
      /media/tails-persistence-setup is created (presumably by udisks2) with
      permissions 0700 and owned by tails-persistence-setup:root.
      
      This change is safe because:
      
      1. /media/tails-persistence-setup/TailsData is the only thing that ever gets
         created under /media/tails-persistence-setup;
      2. TailsData, i.e. the root of the persistent filesystem, is world-readable
         so under normal circumstances, when Tails was started with the persistent
         volume unlocked, the amnesia user would be allowed to access it anyway.
      
      Still, this change does not seem to be enough to fix the UX problem we're after
      here. For some reason tails-additional-software-config still pretends that no
      ASP is configured yet, even though it does seem to have all the permissions it
      needs to list them: see https://labs.riseup.net/code/issues/15566#note-7
      for details.
  4. 05 Jun, 2018 5 commits
  5. 04 Jun, 2018 14 commits
  6. 02 Jun, 2018 2 commits