GNU bug report logs - #27394
[PATCH] gnu: tor: Add seccomp support.
Reported by: Rutger Helling <rhelling <at> mykolab.com>
Date: Fri, 16 Jun 2017 11:23:01 UTC
Severity: normal
Tags: patch
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
The patch itself seems to work.
Just introducing features explicitly marked upstream (see 'man tor') as "experimental"
is difficult. As long as nothing breaks, it's okay I guess.
Should tor or the GuixSD native tor-service start to consume too many
resources, we can still adjust.
ng0 transcribed 2.3K bytes:
> Rutger Helling transcribed 2.6K bytes:
> > Hey ng0,
> >
> > I think that ticket references whether the default torrc should have
> > "Sandbox 1".
>
> I understood the Whonix mail, which is how I got to the trac of tor,
> in the way that they don't enable seccomp because tor does not enable
> it as default. I'm not 100% positive on this, but I think I used
> tor with +seccomp and hardening in Gentoo for a very long time.
>
>
> > This patch doesn't do that, you still have to set that
> > manually if you want to use it. It only gives you the option (Tor will
> > just ignore that option in Guix right now).
> >
> > I also don't think that hardening and the sandbox bite each other in any
> > way.
> >
> > On 2017-06-16 14:01, ng0 wrote:
> >
> > > Rutger Helling transcribed 2.5K bytes:
> > >
> > >> Hello,
> > >>
> > >> this patch adds seccomp support to tor.
> > >
> > > There's the question if we would want that.
> > > tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> > > But we also enable hardening by default, which differs from the tor default.
> > > I have no problem with moving unstable features in, but hardening
> > > seems much more tested to me than seccomp.
>
> --
> ng0
> OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> https://krosos.org/~/ng0/ https://www.infotropique.org
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org
This bug report was last modified 8 years and 24 days ago.