Add AppArmor profile for client and bump to securedrop-client 0.0.11 #673

Merged
merged 3 commits into from
Dec 19, 2019

@emkll emkll commented Dec 18, 2019

Description

Towards freedomofpress/securedrop-workstation#234

Test Plan

  • Ensure you are running 4.14.158 kernel in sd-svs (requires latest updates to sd-svs-buster-template)
  • On this branch, build the tarball (python3 setup.py dist)
  • Use this packaging branch: AppArmor support and profile for securedrop-client securedrop-builder#105 to build the 0.0.11 securedrop-client package (e.g.: PKG_VERSION=0.0.11 PKG_PATH=../securedrop-client/dist/securedrop-client-0.0.11.tar.gz make securedrop-client)
  • Install apparmor-utils in sd-svs (or sd-svs-buster-template)
  • Move/install this deb into sd-svs (or sd-svs-buster-template)
  • sudo aa-status should report securedrop-client is in enforce mode
  • The client works as expected
  • There are no apparmor violations in /var/log/syslog
  • Changelog for 0.0.11 is accurate

Checklist

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

  • I have tested these changes in the appropriate Qubes environment
  • I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
  • These changes should not need testing in Qubes
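
The two verification steps in the test plan above (`aa-status` reporting enforce mode, and no AppArmor violations in `/var/log/syslog`) can be scripted. The following is an added example, not code from this pull request; the profile name and both sample inputs are constructed assumptions.

```python
import re

# Assumption: the profile name as aa-status prints it; adjust to your install.
PROFILE = "/usr/bin/securedrop-client"

# Constructed sample of `sudo aa-status` output.
AA_STATUS = """\
apparmor module is loaded.
3 profiles are loaded.
2 profiles are in enforce mode.
   /usr/bin/man
   /usr/bin/securedrop-client
1 profiles are in complain mode.
   /usr/sbin/cupsd
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/bin/securedrop-client (1432)
"""

# Constructed sample of kernel audit records as they appear in /var/log/syslog.
SYSLOG = """\
Dec 18 14:02:11 sd-svs kernel: audit: type=1400 audit(1576677731.104:31): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/securedrop-client" pid=901 comm="apparmor_parser"
Dec 18 14:05:40 sd-svs kernel: audit: type=1400 audit(1576677940.551:44): apparmor="DENIED" operation="open" profile="/usr/bin/securedrop-client" name="/etc/machine-id" pid=1432 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 18 14:06:02 sd-svs kernel: audit: type=1400 audit(1576677962.220:45): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/cupsd.conf" pid=700 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

SECTION = re.compile(r"^\d+ (profiles|processes) are in (\w+) mode\.$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def profile_mode(aa_status, profile):
    """Return the mode a loaded profile is listed under, or None if not loaded."""
    mode = None
    for line in aa_status.splitlines():
        header = SECTION.match(line)
        if header:  # only "profiles" sections say how a profile is loaded
            mode = header.group(2) if header.group(1) == "profiles" else None
        elif not line.startswith(" "):  # any other unindented line ends a section
            mode = None
        elif mode and line.strip() == profile:
            return mode
    return None

def denials(syslog, profile):
    """Return (operation, name, denied_mask) for each DENIED record of the profile."""
    hits = []
    for line in syslog.splitlines():
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("apparmor") == "DENIED" and f.get("profile") == profile:
            hits.append((f.get("operation"), f.get("name"), f.get("denied_mask")))
    return hits
```

When auditd is running, these records are written to `/var/log/audit/audit.log` instead of syslog, so point `denials()` at that file's contents.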

Support enforcement of apparmor profile for .deb installs. Supporting apparmor in qubes staging environment is difficult as the Qubes default pvh kernels do not have apparmor support.
@emkll emkll changed the title Add AppArmor profile for client Add AppArmor profile for client and bump to securedrop-client 0.0.11 Dec 18, 2019
@sssoleileraaa

Test Plan

  • Ensure you are running 4.14.158 kernel in sd-svs (requires latest updates to sd-svs-buster-template)
  • On this branch, build the tarball (python3 setup.py dist)
  • Use this packaging branch: AppArmor support and profile for securedrop-client securedrop-builder#105 to build the 0.0.11 securedrop-client package (e.g.: PKG_VERSION=0.0.11 PKG_PATH=../securedrop-client/dist/securedrop-client-0.0.11.tar.gz make securedrop-client)
  • Install apparmor-utils in sd-svs (or sd-svs-buster-template)
  • Move/install this deb into sd-svs (or sd-svs-buster-template)
  • sudo aa-status should report securedrop-client is in enforce mode
  • The client works as expected
  • There are no apparmor violations in /var/log/syslog
  • Changelog for 0.0.11 is accurate

@sssoleileraaa sssoleileraaa left a comment

everything works as expected

@redshiftzero redshiftzero merged commit 4d71556 into master Dec 19, 2019
SecureDrop Team Board automation moved this from Ready for Review to Done Dec 19, 2019
@redshiftzero redshiftzero deleted the 234-apparmor branch December 19, 2019 15:19