[tor-bugs] #5791 [Tor bundles/installation]: Gather apparmor/selinux/sandbox instructions for each component of TBB

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 9 01:02:53 UTC 2012


#5791: Gather apparmor/selinux/sandbox instructions for each component of TBB
--------------------------------------+-------------------------------------
 Reporter:  arma                      |          Owner:                          
     Type:  project                   |         Status:  new                     
 Priority:  normal                    |      Milestone:  Sponsor Z: March 1, 2013
Component:  Tor bundles/installation  |        Version:                          
 Keywords:                            |         Parent:                          
   Points:                            |   Actualpoints:                          
--------------------------------------+-------------------------------------

Comment(by mikeperry):

 Replying to [comment:9 trams]:
 > Note that one of the bigger issues with going apparmor/selinux is that
 there is no way for the application to "opt-in" for the extra protection.
 The user needs to load a profile or a module to get it contained. This
 requires root privileges on the system.

 Yeah, that rules them out for shipping with TBB, but they are still useful
 to document because they are useful for testing purposes (#5767). In the
 future, I envision a Volunteer QA team running auditing profiles to tell
 them about disk leaks, proxy bypass, etc in new versions of TBB/Firefox
 while testing against a suite of test pages we recommend (#5292), and also
 during general usage.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5791#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list