Swapfile not really disabled #1620

Closed
conorsch opened this issue Mar 15, 2017 · 4 comments

@conorsch
Contributor

The Ansible config tries to disable swapfile on the Application and Monitor Servers, via swapoff -a. This works, but only for the current boot cycle. If a machine is configured with a swapfile in /etc/fstab, that swapfile will be restored on a subsequent reboot. Since the machines reboot nightly, the swapoff -a approach is close to useless.

In order to disable swap effectively, the first-run Ansible config should ensure that no swap entries exist in fstab, removing them if found.

@psivesely
Contributor

This may effectively undermine the efforts of 1dbab3c to minimize the duration of plaintext in memory, and should be resolved in the 0.4 release. Last time I checked it is the default to include a swapfile in fstab when using "guided partitioning" in the Ubuntu installer.

@garrettr garrettr modified the milestones: 0.3.12, 0.4 Mar 15, 2017
@garrettr
Contributor

garrettr commented Mar 15, 2017

Next steps

  • Verify that swap is re-enabled after reboot on our test instance.
  • Announce intent to release 0.3.12 on https://securedrop.org/news ahead of release, so admins have some prior warning.

Goals

  1. Ensure swap is disabled now and forever on all instances after 0.3.12 is installed.
  2. Securely erase any existing swap that may have been populated with sensitive data prior to the 0.3.12 release.
  3. This update should be automatic and not require intervention from the admins. Therefore, we need to investigate how best to achieve these goals within the environment of the securedrop-app-code Debian package and its postinstall script.

@conorsch
Contributor Author

Have a working implementation for detecting active swap, disabling it, shredding it, and removing the fstab entry. The changes are idempotent. Will place them in the preinst script in the securedrop-app-code package and begin testing in VMs and hardware.

conorsch pushed a commit that referenced this issue Mar 16, 2017
Checks for active swap on system, and if found:

  * disables it so the system won't write to it
  * shreds the contents so any sensitive data is destroyed

Regardless of whether an active swap config was disabled, any fstab
entry of type "swap" will be commented out, effectively disabling it
permanently by ensuring it won't be reenabled on subsequent reboots.

Closes #1620.
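
The steps that commit message describes, as an added example in POSIX shell; this is not the code from the referenced commit or from SecureDrop's package scripts. The function names, the single shred pass, and the constructed sample fstab are assumptions of this example.

```shell
#!/bin/sh
# Added example, not SecureDrop's preinst script. Paths are parameters so the
# logic can be exercised on copies; defaults are the real system files.

# Print active swap areas from a /proc/swaps-format file (first line is a header).
active_swaps() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Count fstab entries that would re-enable swap at the next boot.
remaining_fstab_swap() {
    awk '$1 !~ /^#/ && $3 == "swap"' "${1:-/etc/fstab}" | wc -l | tr -d ' '
}

# Comment out every live fstab entry whose type field is "swap".
# Idempotent: already-commented lines are not touched again.
disable_fstab_swap() {
    fstab="${1:-/etc/fstab}"
    tmp="$(mktemp)" || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" && cat "$tmp" > "$fstab"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Needs root: turn off each active swap area, then overwrite it.
# Order matters; the kernel must stop writing before the contents are destroyed.
# Assumption: one overwrite pass; the page does not state shred options.
scrub_active_swap() {
    for area in $(active_swaps); do
        swapoff "$area" && shred -n 1 "$area"
    done
}

# Constructed sample fstab, run on a throwaway copy: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    f="$(mktemp)"
    printf '%s\n' 'UUID=aaaa / ext4 errors=remount-ro 0 1' \
        '/swapfile none swap sw 0 0' > "$f"
    disable_fstab_swap "$f" && cat "$f"
    rm -f "$f"
fi
```

After a reboot, an empty result from `active_swaps` together with `remaining_fstab_swap` printing 0 confirms that swap stayed off, which `swapoff -a` alone cannot guarantee.
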
@conorsch
Contributor Author

#1626 is merged and will be used to fix running instances. Keeping this issue open until we update the Ansible config for first-run installs to disable swap on both App and Mon, and also re-enable the skipped config tests in #1616 (which caught this issue originally).

conorsch pushed a commit that referenced this issue Mar 29, 2017
Still permitting swap presence on Monitor hosts, since the first-run
Ansible config hasn't been updated to remove it there. Changes to the
Ansible config are tracked in #1620.