JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
**clickable expand button inside text** Done. Check: https://www.whonix.org/wiki/Template:Reload_Tor
Open Tasks
Open Tasks
Needs Triage (2)
Needs Triage (2)
High (1)
High (1)
- Aug 30 2019, 7:28 PM
Assigned: 0brand
Normal (12)
Normal (12)
- Wed, Jan 15, 12:11 PM
- Mon, Dec 23, 2:14 PM
- Mon, Dec 23, 2:09 PM
- Mon, Dec 23, 2:01 PM
- Dec 5 2019, 4:16 PM
Active Repositories
Active Repositories
- No repositories found for this query.
Recent Activity
Recent Activity
Sat, Jan 18
Sat, Jan 18
In T868#19258, @JasonJAyalaP wrote:replace Menu bar with hardcoded links
Isn't this a mediawiki configuration option? It should have basic nav choices.
In T868#19257, @JasonJAyalaP wrote:two separate pre tags get intermingled and shown as one box
Can you link me to an example (or create a page with one)?
clickable expand button inside text
replace Menu bar with hardcoded links
Isn't this a mediawiki configuration option? It should have basic nav choices.
two separate pre tags get intermingled and shown as one box
Can you link me to an example (or create a page with one)?
too much whitespace
This is unnecessary whitespace from the html line:
Fri, Jan 17
Fri, Jan 17
Wed, Jan 15
Wed, Jan 15
In T950#19249, @Patrick wrote:
Tue, Jan 7
Tue, Jan 7
An interesting product that triggers a system wipe if the cable is pulled:
Wed, Jan 1
Wed, Jan 1
In T950#19231, @madaidan wrote:quiet
Thu, Dec 26
Thu, Dec 26
Patrick edited projects for T953: extrepo - safely adding repos, added: Whonix 15; removed Restricted Project.
Wed, Dec 25
Wed, Dec 25
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Tue, Dec 24
Tue, Dec 24
This just prevents writing to /dev/kmsg. It doesn't stop kernel logs being displayed during boot.
Still wondering if initramfs modification this can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...
Sounds good.
We can use a sysctl.d drop-in and an initramfs hook in security-misc so non-initramfs users will still be mostly protected.
Any attempted access of /boot would be logged the same way anyway although it might be good to use that to stop it from showing up in aa-logprof.
Would an audit denyrule for /boot be useful for the sake of audit?
I guess because a sysctl.d drop-in config file is easy and catches most.
initramfs hook covers only initramfs users. Not dracut. But
security-misc initramfs hook sounds good enough. dracut support can
come later, if ever. Please implement.
Why not use an initramfs hook in security-misc? Not everyone will have security-misc and apparmor-profile-everything installed. Users with just security-misc installed will still have some kernel logs shown during early boot.
/boot isn't allowed in init-systemd anyway so we don't need to add it to dangerous-files. Apparmor denies access to files that aren't explicitly allowed. The only reason we need to blacklist /lib/modules and not /boot is because we give access to all libraries.
Still need to add /boot to https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/abstractions/dangerous-files? Currently cannot find it there.
Yes. Probably both. initramfs for apparmor-profile-everything users and
/etc/sysctl.d/ security-misc.
Mon, Dec 23
Mon, Dec 23
/boot/ is already unreadable.
Should this be set in the initramfs?
Whonix Issue Tracker · Unread Notifications · Open Issues · Homepage · Blog · Forum · Github · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer