[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnunet] Security sandboxing of Gnunet
|
From: |
Christian Grothoff |
|
Subject: |
Re: [Help-gnunet] Security sandboxing of Gnunet |
|
Date: |
Thu, 28 May 2015 00:21:57 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
Sure, sandboxing can help. We hoped to do this by shipping Apparmor
profiles (open bug report: https://gnunet.org/bugs/view.php?id=2004,
help writing profiles would be very welcome), but Firejail is certainly
another possibility. One could even combine the two, using Apparmor to
restrict GNUnet services (i.e. to only network communication) and
Firejail to isolate GUIs from other applications of the same user.
Only obvious drawback I see is increased installation complexity.
Happy hacking!
Christian
On 05/27/2015 05:20 PM, Geeb wrote:
> Would there be any mileage in a security sense, in running gnunet processes
> in a sandboxed environment like Firejail? Either at host level or user
> level?
>
> https://l3net.wordpress.com/projects/firejail/
>
> Would there be any obvious drawbacks?
>
> Thanks,
>
> Geeb
>
>
>
> _______________________________________________
> Help-gnunet mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-gnunet
>
signature.asc
Description: OpenPGP digital signature