guix-patches

[bug#27394] [PATCH] gnu: tor: Add seccomp support.


From: Rutger Helling
Subject: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Date: Wed, 21 Jun 2017 08:57:01 +0200

I don't have any issues (yet) running it with the sandbox on, but I agree it's good to test it extensively beforehand and, depending on the stability, wait until the Tor Project defaults to it.

On 2017-06-21 00:31, address@hidden wrote:



On Tue, 20 Jun 2017 23:07:38 +0200, address@hidden (Ludovic Courtès) wrote:

Hi Rutger,

Rutger Helling <address@hidden> writes:

From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
From: Rutger Helling <address@hidden>
Date: Fri, 16 Jun 2017 13:15:17 +0200
Subject: [PATCH] gnu: tor: Add seccomp support.

* gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.

Applied, thanks.

Do you think the GuixSD service should set "Sandbox 1" by default?  The
Besides, the GuixSD service runs Tor in a container, but that doesn't
necessarily provide the same guarantees:
<https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.

Ludo'.

As mentioned earlier in the thread: I don't think it should be default until we have
found it to be stable enough. I experienced several "sandbox violations" when running
this in the last days. Is this good? Is this bad? I had no chance to investigate this so far.
It also goes against torproject recommendations, as they consider sandbox (seccomp) in
tor to be an unstable + testing feature, disabled by default.
