On 07/03/2018 06:03 PM, Matthew Finkel wrote:
> On GNU/Linux, we can use the namespacing and secure computing (Secure Computing) facilities in the kernel exposed to userspace. Sandboxed Tor Browser on Linux already shows how these can be combined and form a sandbox. In particular, we can use bubblewrap[14] as a setuid sandboxing helper (if user namespace is not enabled), if it is available. In addition, we can reduce the syscall surface area with Seccomp-BPF. CGroups provide a way for limiting the resources available within the sandbox. We may also want to manually proxy/filter other system functionality (X11).
On a side note, on Linux you could also use flatpak if you:
 * Make 2 packages, one for the browser, one for tor + PTs.
 * Fix the browser to treat Torbutton, NoScript, and HTTPSE along with all the prefs as system components. (As in, Tor Browser should be able to be shipped without a default profile directory, and Do The Right Thing).
Regards,
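Added illustration of the Seccomp-BPF piece of the quoted design (example code written for this page, not taken from Sandboxed Tor Browser, bubblewrap or anyone in the thread): a minimal raw classic-BPF filter that checks the ABI first, denies socket(2) with EPERM and lets everything else through. It assumes Linux on x86_64 or aarch64 with seccomp filter support in the kernel; the syscall chosen and the deny-one policy are for demonstration only.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS          /* older UAPI headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Classic BPF program: verify the ABI (a filter written for one ABI can be
 * bypassed via another, e.g. 32-bit compat syscalls), then deny socket(2)
 * with EPERM and allow the rest. A browser sandbox would use an allow-list. */
static struct sock_filter filter_insns[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
size_t filter_length(void) { return sizeof filter_insns / sizeof filter_insns[0]; }

/* Install the filter in the calling process. PR_SET_NO_NEW_PRIVS is required
 * for unprivileged callers (no filtering a setuid binary). 0 on success. */
int install_socket_deny_filter(void) {
    struct sock_fprog prog = { .len = (unsigned short)filter_length(),
                               .filter = filter_insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* Probe after installation: 1 if socket(2) now fails with EPERM, else 0. */
int socket_is_denied(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EPERM;
}
```

The filter is process-wide and inherited by children, which is what makes it useful as the last layer under a namespace or bubblewrap sandbox.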