GNU bug report logs - #27394
[PATCH] gnu: tor: Add seccomp support.


Package: guix-patches;

Reported by: Rutger Helling <rhelling <at> mykolab.com>

Date: Fri, 16 Jun 2017 11:23:01 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Message #31 received at 27394-done <at> debbugs.gnu.org (full text, mbox):

From: Rutger Helling <rhelling <at> mykolab.com>
To: Ludovic Courtès <ludo <at> gnu.org>, ng0 <at> infotropique.org
Cc: 27394-done <27394-done <at> debbugs.gnu.org>
Subject: Re: bug#27394: [PATCH] gnu: tor: Add seccomp support.
Date: Wed, 21 Jun 2017 08:57:01 +0200
I don't have any issues (yet) running it with the sandbox on, but I
agree it's good to test it extensively beforehand and depending on the
stability wait until the Tor Project defaults to it. 

On 2017-06-21 00:31, ng0 <at> infotropique.org wrote:

> On Tue, 20 Jun 2017 23:07:38 +0200, ludo <at> gnu.org (Ludovic Courtès) wrote:
> 
> Hi Rutger,
> 
> Rutger Helling <rhelling <at> mykolab.com> skribis:
> 
> From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> From: Rutger Helling <rhelling <at> mykolab.com>
> Date: Fri, 16 Jun 2017 13:15:17 +0200
> Subject: [PATCH] gnu: tor: Add seccomp support.
> 
> * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.
> 
> Applied, thanks.
> 
> Do you think the GuixSD service should set "Sandbox 1" by default?  The
> Besides, the GuixSD service runs Tor in a container, but that doesn't
> necessarily provide the same guarantees:
> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
> 
> Ludo'.

As mentioned earlier in the thread: I don't think it should be default
until we have found it to be stable enough. I experienced several
"sandbox violations" when running this in the last days. Is this good?
Is this bad? I had no chance to investigate this so far. It also goes
against torproject recommendations, as they consider sandbox (seccomp)
in tor to be an unstable + testing feature, disabled by default.
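For readers who want to try the seccomp sandbox on their own system before it is made a default, here is an added example (not code from this patch, the thread participants or the Guix tree) of opting a Guix tor service into it. It assumes the `tor-service-type`, `tor-configuration` and `config-file` names from `(gnu services networking)`; the torrc contents are constructed for the example, and `Sandbox 1` is the Tor option the thread refers to.

```scheme
;; Added example: opt a Guix tor service into Tor's seccomp sandbox.
;; Assumes tor-service-type / tor-configuration / config-file from
;; (gnu services networking).  The torrc text below is constructed.
(use-modules (gnu)
             (gnu services networking))

(define %torrc-with-sandbox
  ;; Tor ships with Sandbox off; setting it to 1 makes Tor install its
  ;; seccomp filter at startup.  This only has an effect when Tor was
  ;; built against libseccomp, which the patch in this thread adds as
  ;; an input.  Keep this opt-in until you have watched Tor's log for
  ;; sandbox violations on your own workload.
  (plain-file "torrc"
              "Sandbox 1\n"))

(define %tor-sandboxed-service
  ;; Replaces the stock tor service's default config-file with the
  ;; sandboxed torrc; the container the GuixSD service already uses
  ;; is unchanged, the seccomp filter is applied inside it.
  (service tor-service-type
           (tor-configuration
            (config-file %torrc-with-sandbox))))
```

Add `%tor-sandboxed-service` to the `services` field of your `operating-system` declaration in place of the plain `(service tor-service-type)`; if Tor later starts refusing syscalls your setup needs, drop the `Sandbox 1` line to return to the default behaviour.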
