Page MenuHomePhabricator

enhancementProject
ActivePublic

Watchers

  • This project does not have any watchers.

Recent Activity

Mon, Jul 8

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 8:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Mon, Jul 8, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jul 7

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Sun, Jul 7, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jul 6

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 4:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Thu, Jul 4

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Thu, Jul 4, 5:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Thu, Jul 4, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Thu, Jul 4, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Wed, Jul 3

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Wed, Jul 3, 5:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.

Wed, Jul 3, 4:56 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Mon, Jul 1

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Mon, Jul 1, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jun 29

marmarek added a comment to T324: Add package needrestart.
In T324#18696, @Patrick wrote:

What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?

Sat, Jun 29, 12:55 PM · upstream, usability, enhancement, anon-meta-packages, Whonix
Patrick updated subscribers of T324: Add package needrestart.

needrestart works good enough for it to be implemented as a test in whonixcheck (--verbose?).

Sat, Jun 29, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Mon, Jun 24

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Mon, Jun 24, 3:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jun 23

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work after you comment ProtectSystem=strict and ReadWriteDirectories=? I think on Qubes-Whonix it is trying to write to a directory in /var/run (probably /var/run/qubes-service). I can't test as I don't use Qubes.

Sun, Jun 23, 8:25 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs
Qubes-Whonix?

Sun, Jun 23, 7:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work using this? It looks like it needs the openat syscall which it now allows.

Sun, Jun 23, 4:31 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Sun, Jun 23, 10:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:51 PM · Whonix, Apps, enhancement, usability

Apr 6 2019

Patrick removed a project from T386: meek Pluggable Transport: Debian version 10 codename Buster.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix
Patrick updated subscribers of T386: meek Pluggable Transport.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix

Mar 21 2019

Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability

Jan 23 2019

Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:15 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:14 AM · whonixcheck, upstream, enhancement, security, Whonix

Jan 15 2019

Patrick updated the task description for T89: Whonix Control Panel.
Jan 15 2019, 8:48 AM · Whonix, Apps, enhancement, usability

Dec 7 2018

Patrick removed a project from T486: Disable conntrack helper?: Whonix 15.
Dec 7 2018, 12:08 PM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security
Patrick removed a project from T504: anon-connection-wizard development: Whonix 15.
Dec 7 2018, 12:07 PM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T456: msgdispatcher_dispatch_x 'details' and 'more help' button to improve whonixcheck error messages etc. usability: Whonix 15.
Dec 7 2018, 12:05 PM · whonixcheck, msgcollector, enhancement, usability, Whonix, graphical user interface, python
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Qubes, Whonix
Patrick removed a project from T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick removed a project from T324: Add package needrestart: Whonix 15.
Dec 7 2018, 11:56 AM · upstream, usability, enhancement, anon-meta-packages, Whonix

Nov 20 2018

Patrick closed T69: Change KDE Theme and KDE Mouse Theme It's easy to do by manually using a mouse, but I haven't found out how to do it shipping a configuration file. After being done, update https://www.whonix.org/wiki/Dev/KDE from TODO to Done. as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 5:00 PM · Whonix, kde, desktop, enhancement, security

Nov 12 2018

Patrick closed T373: Qubes templates: graphical updater (Apper) broken as Resolved.

Apper no longer installed by default.

Nov 12 2018, 8:47 AM · Qubes, usability, enhancement, Whonix
Patrick placed T373: Qubes templates: graphical updater (Apper) broken up for grabs.
Nov 12 2018, 8:43 AM · Qubes, usability, enhancement, Whonix

Oct 1 2018

Patrick placed T324: Add package needrestart up for grabs.
Oct 1 2018, 1:17 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Sep 20 2018

Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Qubes, Whonix

Sep 11 2018

Patrick closed T457: install accessibility tools by default as Invalid.
Sep 11 2018, 7:41 PM · Whonix 15, enhancement, usability, Whonix, anon-meta-packages

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick updated the task description for T631: re-enable tor-controlport-filter.service systemd hardening.
Aug 15 2018, 1:04 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)