Page MenuHomePhabricator
Create Task
Maniphest T98852

containment for zotero
Closed, ResolvedPublic
Actions

Description

We should get zotero an apparmor manifest as we have done for OCG. It will increase the overall security of the service and confine it.

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+28 -8Enable firejail containment for zotero
Customize query in gerrit

Related Objects
Search...

Event Timeline

akosiaris created this task.May 12 2015, 1:37 PM
akosiaris claimed this task.
akosiaris raised the priority of this task from to Medium.
akosiaris updated the task description. (Show Details)
akosiaris added projects: Services, acl*sre-team.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 12 2015, 1:37 PM
akosiaris renamed this task from apparmor for zotero to containment for zotero.Jun 19 2015, 1:35 PM
akosiaris reassigned this task from akosiaris to MoritzMuehlenhoff.
akosiaris set Security to None.
akosiaris added a subscriber: akosiaris.

Reassigning to moritz who already works on an approach based on firejail. Also changing the subject reference from "apparmor" to the more generic "containmnent"

mobrovac added a parent task: T101870: Service containment for nodejs-based services with firejail.Jun 19 2015, 1:38 PM
gerritbot added a subscriber: gerritbot.Jun 24 2015, 9:47 AM

Change 220434 had a related patch set uploaded (by Muehlenhoff):
Enable firejail containment for zotero

https://gerrit.wikimedia.org/r/220434

gerritbot added a project: Patch-For-Review.Jun 24 2015, 9:47 AM
gerritbot added a comment.Jul 10 2015, 9:13 AM

Change 220434 merged by Alexandros Kosiaris:
Enable firejail containment for zotero

https://gerrit.wikimedia.org/r/220434

Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 10 2015, 9:13 AM
akosiaris mentioned this in rOPUPd9e62e20cc4b: Enable firejail containment for zotero.Jul 10 2015, 9:13 AM
MoritzMuehlenhoff closed this task as Resolved.Jul 10 2015, 10:01 AM

This is now enabled in production.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL