summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/APT_overlays.d/bugfix-8007-apparmor-hardening0
-rw-r--r--config/chroot_apt/preferences8
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails1
-rw-r--r--config/chroot_local-packageslists/tails-common.list2
-rw-r--r--config/chroot_local-patches/apparmor-adjust-home-tunable.diff12
-rw-r--r--config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff14
-rw-r--r--config/chroot_local-patches/apparmor-adjust-tor-profile.diff21
-rw-r--r--config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff15
-rw-r--r--config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff26
-rw-r--r--config/chroot_local-patches/apparmor-aliases.diff62
-rw-r--r--config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch13
-rw-r--r--features/evince.feature10
-rw-r--r--features/images/TorBrowserSaveDialog.pngbin0 -> 1281 bytes
-rw-r--r--features/images/TorBrowserUnableToOpen.pngbin1706 -> 4091 bytes
-rw-r--r--features/pidgin.feature6
-rw-r--r--features/step_definitions/common_steps.rb25
-rw-r--r--features/step_definitions/evince.rb6
-rw-r--r--features/torified_browsing.feature21
-rw-r--r--features/totem.feature10
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn20
20 files changed, 217 insertions, 55 deletions
diff --git a/config/APT_overlays.d/bugfix-8007-apparmor-hardening b/config/APT_overlays.d/bugfix-8007-apparmor-hardening
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/bugfix-8007-apparmor-hardening
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index d4f7bf3..5b04851 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -138,6 +138,10 @@ Package: libcryptsetup4
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
+Package: libestr0
+Pin: release o=Debian Backports,n=wheezy-backports
+Pin-Priority: 999
+
Package: libotr5
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
@@ -238,6 +242,10 @@ Package: python-electrum
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
+Package: rsyslog
+Pin: release o=Debian Backports,n=wheezy-backports
+Pin-Priority: 999
+
Package: scdaemon
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
diff --git a/config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails b/config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails
new file mode 100644
index 0000000..2ef750a
--- /dev/null
+++ b/config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails
@@ -0,0 +1 @@
+@{HOMEDIRS}+=/lib/live/mount/overlay/home/
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index 3b87f70..790e848 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -66,6 +66,7 @@ gksu
aircrack-ng
apparmor
+apparmor-profiles
apparmor-profiles-extra
audacity
barry-util
@@ -218,7 +219,6 @@ syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
system-config-printer
-systemd
synaptic
torsocks
totem-plugins
diff --git a/config/chroot_local-patches/apparmor-adjust-home-tunable.diff b/config/chroot_local-patches/apparmor-adjust-home-tunable.diff
deleted file mode 100644
index d8de414..0000000
--- a/config/chroot_local-patches/apparmor-adjust-home-tunable.diff
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/etc/apparmor.d/tunables/home 2012-07-17 17:30:16.000000000 +0000
-+++ b/etc/apparmor.d/tunables/home 2014-09-17 05:23:26.383556000 +0000
-@@ -18,7 +18,7 @@
- # @{HOMEDIRS} is a space-separated list of where user home directories
- # are stored, for programs that must enumerate all home directories on a
- # system.
--@{HOMEDIRS}=/home/
-+@{HOMEDIRS}=/home/ /lib/live/mount/overlay/home/
-
- # Also, include files in tunables/home.d for site-specific adjustments to
- # @{HOMEDIRS}.
-
diff --git a/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff b/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
index 91c41fa..8e180d8 100644
--- a/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff
@@ -1,5 +1,14 @@
---- a/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:47:51.945948920 +0100
-+++ b/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:48:29.273511368 +0100
+--- a/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:02.453412928 +0000
++++ b/etc/apparmor.d/usr.bin.pidgin 2015-06-04 12:37:40.309205204 +0000
+@@ -11,7 +11,7 @@
+ #include <abstractions/enchant>
+ #include <abstractions/gnome>
+ #include <abstractions/ibus>
+- #include <abstractions/launchpad-integration>
++ # #include <abstractions/launchpad-integration>
+ #include <abstractions/nameservice>
+ #include <abstractions/private-files-strict>
+ #include <abstractions/ssl_certs>
@@ -46,6 +46,7 @@
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
@@ -8,3 +17,4 @@
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
+
diff --git a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
index 4c5737c..a22c22d 100644
--- a/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-tor-profile.diff
@@ -1,18 +1,13 @@
---- a/etc/apparmor.d/system_tor 2014-09-12 15:44:48.000000000 +0000
-+++ b//etc/apparmor.d/system_tor 2014-09-17 04:41:35.591556000 +0000
-@@ -4,8 +4,12 @@
+--- a/etc/apparmor.d/system_tor 2015-06-04 12:28:12.243020484 +0000
++++ b/etc/apparmor.d/system_tor 2015-06-04 12:29:32.580249731 +0000
+@@ -4,6 +4,9 @@
profile system_tor {
#include <abstractions/tor>
-
-+ owner /etc/tor/torrc w,
-+ owner /etc/tor/torrc.* w,
-+ /lib/live/mount/overlay/etc/tor/* wl,
+
++ link /etc/tor/.wh.torrc -> /.wh..wh.aufs,
++ /etc/tor/* w,
+
-- owner /var/lib/tor/** rwk,
-- owner /var/log/tor/* w,
-+ owner /{,lib/live/mount/overlay/}var/lib/tor/** rwk,
-+ owner /{,lib/live/mount/overlay/}var/log/tor/* w,
+ owner /var/lib/tor/** rwk,
+ owner /var/log/tor/* w,
- /{,var/}run/tor/control w,
- /{,var/}run/tor/tor.pid w,
diff --git a/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff b/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff
deleted file mode 100644
index 078b240..0000000
--- a/config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/etc/apparmor.d/abstractions/user-tmp 2012-07-17 17:30:16.000000000 +0000
-+++ b/etc/apparmor.d/abstractions/user-tmp 2014-09-17 05:39:57.871556000 +0000
-@@ -14,7 +14,7 @@
- owner @{HOME}/tmp/ rw,
-
- # global tmp directories
-- owner /var/tmp/** rwkl,
-- /var/tmp/ rw,
-- owner /tmp/** rwkl,
-- /tmp/ rw,
-+ owner /{,lib/live/mount/overlay/}var/tmp/** rwkl,
-+ /{,lib/live/mount/overlay/}var/tmp/ rw,
-+ owner /{,lib/live/mount/overlay/}tmp/** rwkl,
-+ /{,lib/live/mount/overlay/}tmp/ rw,
-
diff --git a/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff b/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff
new file mode 100644
index 0000000..9a78089
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-vidalia-profile.diff
@@ -0,0 +1,26 @@
+--- a/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:15:34.668000000 +0000
++++ b/etc/apparmor.d/usr.bin.vidalia 2015-06-10 09:38:17.812000000 +0000
+@@ -9,6 +9,8 @@
+
+ owner @{HOME}/.vidalia/ rw,
+ owner @{HOME}/.vidalia/** rwmk,
++ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/ rw,
++ owner /lib/live/mount/rootfs/*.squashfs/home/vidalia/.vidalia/** rwmk,
+
+ /{var/,} r,
+ /{var/,}run/ r,
+@@ -22,6 +24,13 @@
+ owner @{PROC}/[0-9]*/cmdline r,
+ owner @{PROC}/[0-9]*/fd/ r,
+
++ deny /var/cache/fontconfig/ w,
++ /home/vidalia/.fontconfig/ rw,
++ /home/vidalia/.fontconfig/* rw,
++ /home/vidalia/.config/Trolltech.conf* rw,
++ /home/vidalia/.wh..wh..vidalia.*/ rw,
++ /lib/live/mount/overlay/home/vidalia/.wh..wh..vidalia.*/ rw,
++
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.vidalia>
+ }
+
diff --git a/config/chroot_local-patches/apparmor-aliases.diff b/config/chroot_local-patches/apparmor-aliases.diff
new file mode 100644
index 0000000..2d0cef0
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-aliases.diff
@@ -0,0 +1,62 @@
+--- a/etc/apparmor.d.orig/abstractions/base 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/base 2015-06-03 18:11:08.402380000 +0000
+@@ -47,17 +47,19 @@
+ # available everywhere
+ /etc/ld.so.cache mr,
+ /lib{,32,64}/ld{,32,64}-*.so mrix,
+- /lib{,32,64}/**/ld{,32,64}-*.so mrix,
++ /lib{32,64}/**/ld{,32,64}-*.so mrix,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/ld{,32,64}-*.so mrix,
+ /lib/@{multiarch}/ld{,32,64}-*.so mrix,
+ /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
+ /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
+
+ # we might as well allow everything to use common libraries
+- /lib{,32,64}/** r,
++ /lib{32,64}/** r,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib{,32,64}/lib*.so* mr,
+- /lib{,32,64}/**/lib*.so* mr,
+- /lib/@{multiarch}/** r,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,
++ /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /lib/@{multiarch}/lib*.so* mr,
+ /lib/@{multiarch}/**/lib*.so* mr,
+ /usr/lib{,32,64}/** r,
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
+--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/abstractions/ubuntu-helpers 2015-06-03 18:16:42.022380000 +0000
+@@ -63,8 +63,8 @@
+ # in limited libraries so glibc's secure execution should be enough to not
+ # require the santized_helper (ie, LD_PRELOAD will only use standard system
+ # paths (man ld.so)).
+- /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
+- /usr/lib/chromium-browser/chrome-sandbox PUxr,
++ # /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
++ # /usr/lib/chromium-browser/chrome-sandbox PUxr,
+ /opt/google/chrome/chrome-sandbox PUxr,
+ /opt/google/chrome/google-chrome Pixr,
+ /opt/google/chrome/chrome Pixr,
+@@ -73,7 +73,8 @@
+ # Full access
+ / r,
+ /** rwkl,
+- /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
++ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}{,**/}*.so{,.*} m,
++ /usr{/,/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+
+ # Dangerous files
+ audit deny owner /**/* m, # compiled libraries
+diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
+--- a/etc/apparmor.d.orig/tunables/alias 2013-07-10 22:05:57.000000000 +0000
++++ b/etc/apparmor.d/tunables/alias 2015-06-03 18:12:46.426380000 +0000
+@@ -14,3 +14,7 @@
+ #
+ # Or if mysql databases are stored in /home:
+ # alias /var/lib/mysql/ -> /home/mysql/,
++
++alias / -> /lib/live/mount/overlay/,
++alias / -> /lib/live/mount/rootfs/*.squashfs/,
++
+
diff --git a/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
new file mode 100644
index 0000000..88a9e12
--- /dev/null
+++ b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
@@ -0,0 +1,13 @@
+diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
+index 098111c..e1cfd15 100755
+--- a/lib/live/boot/9990-overlay.sh
++++ b/lib/live/boot/9990-overlay.sh
+@@ -156,7 +156,7 @@ setup_unionfs ()
+ # tmpfs file systems
+ touch /etc/fstab
+ mkdir -p /live/overlay
+- mount -t tmpfs tmpfs /live/overlay
++ # mount -t tmpfs tmpfs /live/overlay
+
+ # Looking for persistence devices or files
+ if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
diff --git a/features/evince.feature b/features/evince.feature
index fe687f3..e65388e 100644
--- a/features/evince.feature
+++ b/features/evince.feature
@@ -22,8 +22,17 @@ Feature: Using Evince
Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg
Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
+ Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
+ And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
+ And the file "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
When I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
+ When I close Evince
+ And I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
+ Then I see "EvinceUnableToOpen.png" after at most 10 seconds
+ When I close Evince
+ And I try to open "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince
+ Then I see "EvinceUnableToOpen.png" after at most 10 seconds
@keep_volumes
Scenario: Installing Tails on a USB drive, creating a persistent partition, copying PDF files to it
@@ -50,4 +59,3 @@ Feature: Using Evince
When I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
And I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
-
diff --git a/features/images/TorBrowserSaveDialog.png b/features/images/TorBrowserSaveDialog.png
new file mode 100644
index 0000000..257c8ba
--- /dev/null
+++ b/features/images/TorBrowserSaveDialog.png
Binary files differ
diff --git a/features/images/TorBrowserUnableToOpen.png b/features/images/TorBrowserUnableToOpen.png
index f0faa26..ee79242 100644
--- a/features/images/TorBrowserUnableToOpen.png
+++ b/features/images/TorBrowserUnableToOpen.png
Binary files differ
diff --git a/features/pidgin.feature b/features/pidgin.feature
index 27a8034..9e11e2e 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -80,6 +80,12 @@ Feature: Chatting anonymously using Pidgin
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
+ When I close Pidgin's certificate import failure dialog
+ And I close Pidgin's certificate manager
+ Then I cannot add a certificate from the "/lib/live/mount/overlay/home/amnesia/.gnupg" directory to Pidgin
+ When I close Pidgin's certificate import failure dialog
+ And I close Pidgin's certificate manager
+ Then I cannot add a certificate from the "/live/overlay/home/amnesia/.gnupg" directory to Pidgin
@keep_volumes @check_tor_leaks
Scenario: Using a persistent Pidgin configuration
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 08f66e2..72f5447 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -447,6 +447,13 @@ Then /^I see "([^"]*)" after at most (\d+) seconds$/ do |image, time|
@screen.wait(image, time.to_i)
end
+Then /^I don't see "([^"]*)"$/ do |image|
+ next if @skip_steps_while_restoring_background
+ if @screen.exists(image)
+ raise "Found #{image}"
+ end
+end
+
Then /^all Internet traffic has only flowed through Tor$/ do
next if @skip_steps_while_restoring_background
leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
@@ -952,9 +959,11 @@ When /^I click the HTML5 play button$/ do
@screen.wait_and_click("TorBrowserHtml5PlayButton.png", 30)
end
-When /^I can save the current page as "([^"]+[.]html)" to the (default downloads|persistent Tor Browser) directory$/ do |output_file, output_dir|
+When /^I (can|cannot) save the current page as "([^"]+[.]html)" to the (.*) directory$/ do |should_work, output_file, output_dir|
next if @skip_steps_while_restoring_background
+ should_work = should_work == 'can' ? true : false
@screen.type("s", Sikuli::KeyModifier.CTRL)
+ @screen.wait("TorBrowserSaveDialog.png", 10)
if output_dir == "persistent Tor Browser"
output_dir = "/home/#{LIVE_USER}/Persistent/Tor Browser"
@screen.wait_and_click("GtkTorBrowserPersistentBookmark.png", 10)
@@ -963,16 +972,22 @@ When /^I can save the current page as "([^"]+[.]html)" to the (default downloads
# let's use the keyboard shortcut to focus its field
@screen.type("n", Sikuli::KeyModifier.ALT)
@screen.wait("TorBrowserSaveOutputFileSelected.png", 10)
- else
+ elsif output_dir == "default downloads"
output_dir = "/home/#{LIVE_USER}/Tor Browser"
+ else
+ @screen.type(output_dir + '/')
end
# Only the part of the filename before the .html extension can be easily replaced
# so we have to remove it before typing it into the arget filename entry widget.
@screen.type(output_file.sub(/[.]html$/, ''))
@screen.type(Sikuli::Key.ENTER)
- try_for(10, :msg => "The page was not saved to #{output_dir}/#{output_file}") {
- @vm.file_exist?("#{output_dir}/#{output_file}")
- }
+ if should_work
+ try_for(10, :msg => "The page was not saved to #{output_dir}/#{output_file}") {
+ @vm.file_exist?("#{output_dir}/#{output_file}")
+ }
+ else
+ @screen.wait("TorBrowserCannotSavePage.png", 10)
+ end
end
When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads|persistent Tor Browser) directory$/ do |output_file, output_dir|
diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb
index 1bb122d..36bc554 100644
--- a/features/step_definitions/evince.rb
+++ b/features/step_definitions/evince.rb
@@ -18,3 +18,9 @@ Then /^I can print the current document to "([^"]+)"$/ do |output_file|
@vm.file_exist?(output_file)
}
end
+
+When /^I close Evince$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.type("w", Sikuli::KeyModifier.CTRL)
+ step 'process "evince" has stopped running after at most 10 seconds'
+end
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index c1885ba..9b679f6 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -66,14 +66,31 @@ Feature: Browsing the web using the Tor Browser
Given I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia"
And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/.gnupg/synaptic.html" as user "amnesia"
And I copy "/usr/share/synaptic/html/index.html" to "/tmp/synaptic.html" as user "amnesia"
+ Then the file "/home/amnesia/.gnupg/synaptic.html" exists
+ And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" exists
+ And the file "/live/overlay/home/amnesia/.gnupg/synaptic.html" exists
+ And the file "/tmp/synaptic.html" exists
And I start the Tor Browser
And the Tor Browser has started and loaded the startup page
When I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
Then I see "TorBrowserSynapticManual.png" after at most 10 seconds
+ And I don't see "TorBrowserUnableToOpen.png"
When I open the address "file:///home/amnesia/.gnupg/synaptic.html" in the Tor Browser
- Then I see "TorBrowserUnableToOpen.png" after at most 10 seconds
+ And I wait between 4 and 5 seconds
+ Then I don't see "TorBrowserSynapticManual.png"
+ And I see "TorBrowserUnableToOpen.png" after at most 1 seconds
+ When I open the address "file:///lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
+ And I wait between 4 and 5 seconds
+ Then I don't see "TorBrowserSynapticManual.png"
+ And I see "TorBrowserUnableToOpen.png" after at most 1 seconds
+ When I open the address "file:///live/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser
+ And I wait between 4 and 5 seconds
+ Then I don't see "TorBrowserSynapticManual.png"
+ And I see "TorBrowserUnableToOpen.png" after at most 1 seconds
When I open the address "file:///tmp/synaptic.html" in the Tor Browser
- Then I see "TorBrowserUnableToOpen.png" after at most 10 seconds
+ And I wait between 4 and 5 seconds
+ Then I don't see "TorBrowserSynapticManual.png"
+ Then I see "TorBrowserUnableToOpen.png" after at most 1 seconds
Scenario: The "Tails documentation" link on the Desktop works
When I double-click on the "Tails documentation" link on the Desktop
diff --git a/features/totem.feature b/features/totem.feature
index b5288d8..a88f32f 100644
--- a/features/totem.feature
+++ b/features/totem.feature
@@ -17,12 +17,22 @@ Feature: Using Totem
And I setup a filesystem share containing sample videos
And I start Tails from DVD with network unplugged and I login
And I copy the sample videos to "/home/amnesia" as user "amnesia"
+ And the file "/home/amnesia/video.mp4" exists
When I open "/home/amnesia/video.mp4" with Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
Given I close Totem
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
+ And the file "/home/amnesia/.gnupg/video.mp4" exists
When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
+ Given I close Totem
+ And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" exists
+ When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" with Totem
+ Then I see "TotemUnableToOpen.png" after at most 10 seconds
+ Given I close Totem
+ And the file "/live/overlay/home/amnesia/.gnupg/video.mp4" exists
+ When I try to open "/live/overlay/home/amnesia/.gnupg/video.mp4" with Totem
+ Then I see "TotemUnableToOpen.png" after at most 10 seconds
@check_tor_leaks
Scenario: Watching a WebM video over HTTPS, with and without the command-line
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index fb43f23..19717cc 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -58,14 +58,26 @@ between an access to the upper layer, and an access to the loop-backed
underlying layer.
So, we have to adjust profiles a bit to make them support the paths
-that are actually seen by AppArmor in the context of Tails:
-
-* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-home-tunable.diff]]
+that are actually seen by AppArmor in the context of Tails.
+
+First, we are using a couple of
+[aliases](http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Alias_and_rewrite_rules)
+so that rules applying to "normal" paths (e.g.
+`/home/amnesia/.gnupg/`) also apply to Debian Live -specific paths,
+such as `/lib/live/mount/overlay/home/amnesia/.gnupg/`. And, to avoid
+subsequent problems with overlapping rules, and to mitigate the
+increased policy compilation time (see details below), we also patch
+some some very broad rules to make them _not_ apply to `/lib/live/*`.
+All these changes live in
+[[!tails_gitweb config/chroot_local-patches/apparmor-aliases.diff]].
+
+Second, few more targeted adjustments are also applied:
+
+* [[!tails_gitweb config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-tor-abstraction.diff]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-tor-profile.diff]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-totem-profile.diff]]
-* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff]]
Below, we discuss various leads that might avoid the need for coming
up with such adjustments, and maintaining it.