GNU bug report logs - #27394
[PATCH] gnu: tor: Add seccomp support.
Reported by: Rutger Helling <rhelling <at> mykolab.com>
Date: Fri, 16 Jun 2017 11:23:01 UTC
Severity: normal
Tags: patch
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
On Tue, 20 Jun 2017 23:07:38 +0200, ludo <at> gnu.org (Ludovic Courtès) wrote:
> Hi Rutger,
>
> Rutger Helling <rhelling <at> mykolab.com> skribis:
>
> > From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> > From: Rutger Helling <rhelling <at> mykolab.com>
> > Date: Fri, 16 Jun 2017 13:15:17 +0200
> > Subject: [PATCH] gnu: tor: Add seccomp support.
> >
> > * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.
>
> Applied, thanks.
>
> Do you think the GuixSD service should set “Sandbox 1” by default? The
> Besides, the GuixSD service runs Tor in a container, but that doesn’t
> necessarily provide the same guarantees:
> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
>
> Ludo’.
As mentioned earlier in the thread: I don't think it should be default until we have
found it to be stable enough. I experienced several "sandbox violations" when running
this in the last days. Is this good? Is this bad? I had no chance to investigate this so far.
It also goes against torproject recommendations, as they consider sandbox (seccomp) in
tor to be an unstable + testing feature, disabled by default.
This bug report was last modified 8 years and 25 days ago.