Page MenuHomePhabricator

containment for zotero
Closed, ResolvedPublic


We should get zotero an apparmor manifest as we have done for OCG. It will increase the overall security of the service and confine it.

Event Timeline

akosiaris claimed this task.
akosiaris raised the priority of this task from to Medium.
akosiaris updated the task description. (Show Details)
akosiaris added projects: Services, acl*sre-team.
akosiaris renamed this task from apparmor for zotero to containment for zotero.Jun 19 2015, 1:35 PM
akosiaris reassigned this task from akosiaris to MoritzMuehlenhoff.
akosiaris set Security to None.
akosiaris added a subscriber: akosiaris.

Reassigning to moritz who already works on an approach based on firejail. Also changing the subject reference from "apparmor" to the more generic "containmnent"

Change 220434 had a related patch set uploaded (by Muehlenhoff):
Enable firejail containment for zotero

Change 220434 merged by Alexandros Kosiaris:
Enable firejail containment for zotero

This is now enabled in production.