[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27394] [PATCH] gnu: tor: Add seccomp support.
|
From: |
ng0 |
|
Subject: |
[bug#27394] [PATCH] gnu: tor: Add seccomp support. |
|
Date: |
Wed, 21 Jun 2017 00:31:18 +0200 (CEST) |
On Tue, 20 Jun 2017 23:07:38 +0200, address@hidden (Ludovic Courtès) wrote:
> Hi Rutger,
>
> Rutger Helling <address@hidden> skribis:
>
> > From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> > From: Rutger Helling <address@hidden>
> > Date: Fri, 16 Jun 2017 13:15:17 +0200
> > Subject: [PATCH] gnu: tor: Add seccomp support.
> >
> > * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.
>
> Applied, thanks.
>
> Do you think the GuixSD service should set “Sandbox 1” by default? The
> Besides, the GuixSD service runs Tor in a container, but that doesn’t
> necessarily provide the same guarantees:
> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
>
> Ludo’.
As mentioned earlier in the thread: I don't think it should be default until we
have
found it to be stable enough. I experienced several "sandbox violations" when
running
this in the last days. Is this good? Is this bad? I had no chance to
investigate this so far.
It also goes against torproject recommendations, as they consider sandbox
(seccomp) in
tor to be an unstable + testing feature, disabled by default.
bug#27394: [PATCH] gnu: tor: Add seccomp support., Ludovic Courtès, 2017/06/20
- [bug#27394] [PATCH] gnu: tor: Add seccomp support.,
ng0 <=