path: root/wiki/src/contribute/design/persistence.mdwn
author Tails developers <amnesia@boum.org> 2013-09-30 11:47:39 +0000
committer Tails developers <amnesia@boum.org> 2013-09-30 11:50:01 +0000
commit 19b00bc334dc6f782894dc862574c650ce3485ab
tree ac922536dac8b1fbe4ba373fb10d23959aded22b /wiki/src/contribute/design/persistence.mdwn
parent bd9f961af4827eae29975dc9d77b838d03b98273
Start documenting next steps for persistence security improvements.
Diffstat (limited to 'wiki/src/contribute/design/persistence.mdwn')
-rw-r--r-- wiki/src/contribute/design/persistence.mdwn | 10
1 files changed, 10 insertions, 0 deletions
diff --git a/wiki/src/contribute/design/persistence.mdwn b/wiki/src/contribute/design/persistence.mdwn
index 15aa2c5a..1326c54 100644
--- a/wiki/src/contribute/design/persistence.mdwn
+++ b/wiki/src/contribute/design/persistence.mdwn
@@ -355,6 +355,11 @@ To this aim, the persistent volume root directory may contain
a `live-additional-software.conf` file that holds the list of packages to install
(from persistence, since they were cached already).
+<!-- FIXME (0.22) -->
+<!-- To be taken into account, this file must be owned by -->
+<!-- `tails-persistence-setup:tails-persistence-setup`, and not be writable -->
+<!-- by anyone else than the `tails-persistence-setup` user. -->
+
First, those additional software packages are installed offline from tails-greeter
`PostLogin` script.
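
Review bot: the ownership rule in the new FIXME comment covers only `live-additional-software.conf` itself, but the file lives in the persistent volume root directory, and anyone able to write to that directory can rename or replace the file whatever its own mode is. Consider stating the directory requirement here too, or pointing at the boot-time check documented at the end of the page. The wording "not be writable by anyone else" also leaves group and world read access open, while the later section gives an exact mode (0600) for configuration files; saying which of the two the check enforces would avoid ambiguity. Since the text sits in an HTML comment, it will not appear in the rendered design page until the FIXME is resolved, which is worth tracking against 0.22.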
@@ -386,3 +391,8 @@ as the `tails-persistence-setup` dedicated user. It creates and
updates configuration files that are owned by
`tails-persistence-setup:tails-persistence-setup`, with
permissions 0600.
+
+<!-- FIXME (0.22) -->
+<!-- When persistence is activated at boot time, any persistent filesystem -->
+<!-- is ignored unless its root directory and persistence configuration -->
+<!-- files have the correct permissions. -->
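
Review bot: "the correct permissions" in the added comment is not defined for the root directory; the paragraph just above gives owner `tails-persistence-setup:tails-persistence-setup` and mode 0600 for the configuration files, but nothing equivalent for the directory that holds them. Suggest spelling out the expected owner and mode for both, and listing which files count as "persistence configuration files" so that it is clear whether `live-additional-software.conf` from the earlier hunk is included. It would also help to say whether a filesystem that is ignored for this reason is reported to the user or skipped silently.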