Skip to content

incremental upgrades: better privilege separation

The desktop user should not be allowed to install any random IUK. It should only be allowed to run the update frontend as some dedicated user, who itself is allowed to run tails-install-iuk as root.

Parent Task: #5922 (closed)

Original created by @intrigeri on 6346 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information