Diffstat (limited to 'wiki/src/contribute/design/application_isolation.mdwn')
1 files changed, 14 insertions, 1 deletions
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index d8331de..fffe0c5 100644
@@ -58,7 +58,20 @@ between an access to the upper layer, and an access to the loop-backed
So, we have to adjust profiles a bit to make them support the paths
-that are actually seen by AppArmor in the context of Tails:
+that are actually seen by AppArmor in the context of Tails.
+First, we are using a couple of
+so that rules applying to "normal" paths (e.g.
+`/home/amnesia/.gnupg/`) also apply to Debian Live -specific paths,
+such as `/lib/live/mount/overlay/home/amnesia/.gnupg/`. And, to avoid
+subsequent problems with overlapping rules, and to mitigate the
+increased policy compilation time (see details below), we also patch
+some some very broad rules to make them _not_ apply to `/lib/live/*`.
+All these changes live in
+Second, few more targeted adjustments are also applied:
* [[!tails_gitweb config/chroot_local-includes/etc/apparmor.d/tunables/home.d/tails]]
* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-pidgin-profile.diff]]
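Review bot: the added sentence ending "make them _not_ apply to `/lib/live/*`" uses a single-star glob, which in AppArmor path syntax does not cross a `/`, while the example path given two lines earlier (`/lib/live/mount/overlay/home/amnesia/.gnupg/`) is several levels deep. If the whole subtree is meant, write `/lib/live/**`, or state the exclusion in prose ("anything under `/lib/live/`") so readers do not copy the narrower pattern into a profile. The same sentence has a doubled word ("some some very broad rules") and does not say which broad rules are patched, so naming them or pointing at the patch file would make the exclusion auditable. Smaller wording points in the added lines: "Second, few more targeted adjustments" should read "Second, a few more targeted adjustments", and "Debian Live -specific" has a stray space before the hyphen.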