Tor + SELinux sandbox = leak proof without VM overhead?
F. Fox
kitsune.or at gmail.com
Sun Aug 22 01:06:16 UTC 2010
It certainly sounds interesting. Full VM environments not only cause
system resource overhead, but maintenance overhead, too (that's always
been my biggest gripe about them).
F. Fox
On 08/21/2010 05:55 PM, Gregory Maxwell wrote:
(snip)
> Has anyone looked into using the SELINUX sandbox
> (http://danwalsh.livejournal.com/28545.html) to prevent leaks? The
> sandbox provides a high degree of application isolation. It looks
> like it would be pretty much trivial to add an option to the sandbox
> front end program to only allow accesses to the tor socks port from
> the isolated app.
>
> With this, users on supporting platforms wouldn't have to use
> wireshark to figure out if, say, pidgin, is leaking via DNS. They
> could simply run the app inside the sandbox and be sure of it.
(snip)