
enhancement (Project)
Active · Public

Recent Activity

Sat, Sep 14

Patrick updated the task description for T89: Whonix Control Panel.
Sat, Sep 14, 7:45 PM · Whonix, Apps, enhancement, usability

Jul 8 2019

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 8:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Jul 8 2019, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 7 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Jul 7 2019, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 6 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 4:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 4 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Jul 4 2019, 5:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Jul 4 2019, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of /usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Jul 4 2019, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 3 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Jul 3 2019, 5:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.

Jul 3 2019, 4:56 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 1 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Jul 1 2019, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 29 2019

marmarek added a comment to T324: Add package needrestart.
In T324#18696, @Patrick wrote:

What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?

Jun 29 2019, 12:55 PM · upstream, usability, enhancement, anon-meta-packages, Whonix
Patrick updated subscribers of T324: Add package needrestart.

needrestart works well enough for it to be implemented as a test in whonixcheck (--verbose?).

Jun 29 2019, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Jun 24 2019

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Jun 24 2019, 3:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 23 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work after you comment ProtectSystem=strict and ReadWriteDirectories=? I think on Qubes-Whonix it is trying to write to a directory in /var/run (probably /var/run/qubes-service). I can't test as I don't use Qubes.

Jun 23 2019, 8:25 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs Qubes-Whonix?

Jun 23 2019, 7:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work using this? It looks like it needs the openat syscall which it now allows.

Jun 23 2019, 4:31 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Jun 23 2019, 10:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:51 PM · Whonix, Apps, enhancement, usability

Apr 6 2019

Patrick removed a project from T386: meek Pluggable Transport: Debian version 10 codename Buster.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix
Patrick updated subscribers of T386: meek Pluggable Transport.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix

Mar 21 2019

Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability

Jan 23 2019

Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:15 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:14 AM · whonixcheck, upstream, enhancement, security, Whonix

Jan 15 2019

Patrick updated the task description for T89: Whonix Control Panel.
Jan 15 2019, 8:48 AM · Whonix, Apps, enhancement, usability

Dec 7 2018

Patrick removed a project from T486: Disable conntrack helper?: Whonix 15.
Dec 7 2018, 12:08 PM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security
Patrick removed a project from T504: anon-connection-wizard development: Whonix 15.
Dec 7 2018, 12:07 PM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T456: msgdispatcher_dispatch_x 'details' and 'more help' button to improve whonixcheck error messages etc. usability: Whonix 15.
Dec 7 2018, 12:05 PM · whonixcheck, msgcollector, enhancement, usability, Whonix, graphical user interface, python
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Qubes, Whonix
Patrick removed a project from T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick removed a project from T324: Add package needrestart: Whonix 15.
Dec 7 2018, 11:56 AM · upstream, usability, enhancement, anon-meta-packages, Whonix

Nov 20 2018

Patrick closed T69: Change KDE Theme and KDE Mouse Theme It's easy to do by manually using a mouse, but I haven't found out how to do it shipping a configuration file. After being done, update https://www.whonix.org/wiki/Dev/KDE from TODO to Done. as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 5:00 PM · Whonix, kde, desktop, enhancement, security

Nov 12 2018

Patrick closed T373: Qubes templates: graphical updater (Apper) broken as Resolved.

Apper no longer installed by default.

Nov 12 2018, 8:47 AM · Qubes, usability, enhancement, Whonix
Patrick placed T373: Qubes templates: graphical updater (Apper) broken up for grabs.
Nov 12 2018, 8:43 AM · Qubes, usability, enhancement, Whonix

Oct 1 2018

Patrick placed T324: Add package needrestart up for grabs.
Oct 1 2018, 1:17 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Sep 20 2018

Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Qubes, Whonix

Sep 11 2018

Patrick closed T457: install accessibility tools by default as Invalid.
Sep 11 2018, 7:41 PM · Whonix 15, enhancement, usability, Whonix, anon-meta-packages

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix