INC-2026-04-04: P16g Deployed Without Mandatory Access Control

Incident Summary

Field Value

Field	Value
Detected	2026-04-04 ~evening PDT (self-audit during domus-digitalis setup)
Mitigated	Pending
Resolved	Pending
Duration	Ongoing since 2026-04-02 (deployment date)
Severity	P2 (High) - Secrets-handling workstation with no process confinement
Impact	All processes run with full user privilege — no isolation between applications and `~/.secrets/`, `~/.gnupg/`, `~/.age/`, gopass stores
Root Cause	MAC system (AppArmor/SELinux) not included in P16g deployment phases

Detected

2026-04-04 ~evening PDT (self-audit during domus-digitalis setup)

Mitigated

Pending

Resolved

Pending

Duration

Ongoing since 2026-04-02 (deployment date)

Severity

P2 (High) - Secrets-handling workstation with no process confinement

Impact

All processes run with full user privilege — no isolation between applications and ~/.secrets/, ~/.gnupg/, ~/.age/, gopass stores

Root Cause

MAC system (AppArmor/SELinux) not included in P16g deployment phases

Timeline

Time (PDT)	Event
2026-04-02	P16g deployed — Phases 0-8b completed. No MAC system installed or configured.
2026-04-04	Discovered during domus-digitalis setup failure — prompted broader security posture review
2026-04-04	Confirmed: no LSM active beyond default Yama. No AppArmor, no SELinux, no SMACK.

Symptoms

No MAC framework loaded in kernel LSM stack
Every user-space process has unrestricted access to all user-owned files
npm/node processes (domus-digitalis) can read ~/.secrets/, ~/.gnupg/, ~/.age/
Browser processes can access gopass stores, age identities, SSH keys
No confinement on Docker daemon or containers beyond default namespaces

Impact Assessment

Systems Affected

System	Status	Impact Duration
modestus-p16g	Exposed	Since 2026-04-02 (ongoing)

System

Status

Impact Duration

modestus-p16g

Exposed

Since 2026-04-02 (ongoing)

Attack Surface (Without MAC)

Threat Vector Unmitigated Risk

Threat Vector	Unmitigated Risk
Compromised npm package	Full read access to `~/.secrets/`, `~/.gnupg/`, `~/.age/`, gopass stores
Browser exploit	Can exfiltrate SSH keys, age identities, Vault tokens
Malicious Python/Rust crate	Unrestricted file system access within user context
Docker container escape	No AppArmor profile to limit container capabilities

Compromised npm package

Full read access to ~/.secrets/, ~/.gnupg/, ~/.age/, gopass stores

Browser exploit

Can exfiltrate SSH keys, age identities, Vault tokens

Malicious Python/Rust crate

Unrestricted file system access within user context

Docker container escape

No AppArmor profile to limit container capabilities

Business Impact

Users affected: 1 (personal workstation)
Data loss: No (no known compromise)
Security posture: Significantly degraded — defense-in-depth missing critical layer
Credential exposure risk: Elevated — no process isolation around sensitive stores

Metadata

Field	Value
Incident ID	INC-2026-04-04-002
Author	Evan Rosado
Created	2026-04-04
Last Updated	2026-04-04
Status	Draft
Post-Incident Review	After AppArmor deployment verified

Field

Value

Incident ID

INC-2026-04-04-002

Author

Evan Rosado

Created

2026-04-04

Last Updated

2026-04-04

Status

Draft

Post-Incident Review

After AppArmor deployment verified