[tbb-dev] So, about the Linux sandbox in the long term?

Yawning Angel yawning at schwanenlied.me
Tue May 30 12:45:08 UTC 2017


On Tue, 30 May 2017 11:04:00 +0000
Georg Koppen <gk at torproject.org> wrote:
> Oh, and it is not only Linux, OSX and Windows we need to take into
> account for planning the future for our sandboxing work. Android is
> coming later this year as a platform for Tor Browser as well. So, if
> we start thinking about the need for rewriting parts of what we
> include into Tor Browser now (and what is planned to get included
> into Tor Browser for Mobile) Android requirements for sandboxing
> should be considered, too.

Oh boy.  I don't see AppArmor working at all, though this depends
on the kernel.  seccomp + namespaces might work, though this also
depends on how the kernel is built.

Doesn't the OS handle containerization and secure updates?  Are we
doing the play store thing?  Is tor-launcher even relevant on that
platform, or is Orbot going to continue to handle all of that?

(I suspect that Android will end up remaining as the redheaded
 stepchild, depending on what path makes sense for the real computer
 platforms.)

> That does not mean we need to have sorted out all of the problems on
> every platform we want to support in the future before we start
> working on getting The Right Thing done on a single one. However, I
> want to avoid a situation where we think "Damn, had I thought about
> platform X from the beginning I could have avoided yet another
> rewrite of Y".

Agreed.

> As I heard about Vidalia++ in this thread: let's not forget the
> failures of Vidalia (see:
> https://www.petsymposium.org/2012/papers/hotpets12-1-usability.pdf)
> when designing something new.

This seems like the major issues are primarily UI/UX related.  As I
mentioned on IRC, there's 0 reason why the meta-process can't present
something to the user that looks like tor-launcher, so I think that's
the least of the worries.

> Where does that leave us? I think we should come up with a document
> (maybe something on the wiki) about the design idea for The Right
> Thing which goes into some detail explaining how this could work on
> all 4 (Linux, OSX, Windows, and Android) platforms, listing as many
> showstoppers and possible workarounds we currently can think of, plus
> all the things that are already in place (like Unix Domain socket
> support etc.).

I think the design I had in mind for what I want the Linux sandbox to
be eventually, would also work on OSX and Windows.  No idea about
Android, and I didn't bother writing much of it down because I was
pressed for time.  Sorry.

Regards,

-- 
Yawning Angel
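The reply above notes that whether seccomp, namespaces or AppArmor are usable at all depends on how the kernel was built. The following is an added example, not code from this thread or from Tor Browser: a small pre-flight check that parses a kernel build config (the `/boot/config-$(uname -r)` or `/proc/config.gz` format) and reports which sandbox-relevant features are missing. The set of CONFIG symbols it looks for is my assumption of what a seccomp-bpf plus namespace sandbox needs; the two embedded configs are constructed samples, not real kernel configs.

```python
"""Check a kernel build config for the features a seccomp + namespace
sandbox relies on.  Added example; the REQUIRED/OPTIONAL symbol sets are
an assumption, not a list taken from any sandbox project."""
import gzip
import os
import platform
import re

# Assumed feature set for a seccomp-bpf + namespace sandbox.
REQUIRED = {
    "CONFIG_SECCOMP": "seccomp syscall support",
    "CONFIG_SECCOMP_FILTER": "seccomp-bpf filter mode",
    "CONFIG_NAMESPACES": "namespace support",
    "CONFIG_USER_NS": "unprivileged user namespaces",
    "CONFIG_PID_NS": "PID namespaces",
    "CONFIG_NET_NS": "network namespaces",
}
# Reported but not required: an LSM-based sandbox is a separate path.
OPTIONAL = {"CONFIG_SECURITY_APPARMOR": "AppArmor LSM"}

_SET = re.compile(r"^(CONFIG_[A-Z0-9_]+)=(.*)$")
_NOT_SET = re.compile(r"^# (CONFIG_[A-Z0-9_]+) is not set$")


def parse_kconfig(text):
    """Parse Kconfig output into {symbol: value}; 'is not set' becomes 'n'."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            config[m.group(1)] = m.group(2).strip('"')
            continue
        m = _NOT_SET.match(line)
        if m:
            config[m.group(1)] = "n"
    return config


def check_sandbox_support(config):
    """Return (missing required symbols, AppArmor enabled?)."""
    missing = [sym for sym in REQUIRED if config.get(sym) != "y"]
    apparmor = config.get("CONFIG_SECURITY_APPARMOR") == "y"
    return missing, apparmor


def load_running_kernel_config():
    """Read the running kernel's config if exposed; None if unavailable."""
    if os.path.exists("/proc/config.gz"):
        with gzip.open("/proc/config.gz", "rt") as f:
            return f.read()
    path = "/boot/config-" + platform.release()
    if os.path.exists(path):
        with open(path) as f:
            return f.read()
    return None


# Constructed sample: a desktop-style build with everything enabled.
SAMPLE_FULL = """
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_SECURITY_APPARMOR=y
"""

# Constructed sample: a trimmed vendor-style build missing filter mode
# and user namespaces, the kind of kernel the reply above worries about.
SAMPLE_TRIMMED = """
CONFIG_SECCOMP=y
# CONFIG_SECCOMP_FILTER is not set
CONFIG_NAMESPACES=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y
# CONFIG_SECURITY_APPARMOR is not set
"""


def report(text, label):
    missing, apparmor = check_sandbox_support(parse_kconfig(text))
    print(f"{label}: AppArmor {'on' if apparmor else 'off'}")
    for sym in missing:
        print(f"  missing {sym} ({REQUIRED[sym]})")
    if not missing:
        print("  seccomp + namespace sandbox: all required features present")


if __name__ == "__main__":
    report(SAMPLE_FULL, "sample full build")
    report(SAMPLE_TRIMMED, "sample trimmed build")
    running = load_running_kernel_config()
    if running is not None:
        report(running, "running kernel")
```

Run stand-alone it evaluates the two constructed samples and, if the host exposes its kernel config, the running kernel as well. A missing CONFIG_USER_NS is the common case worth checking for first: without it the namespace setup has to run with privileges, which changes the whole design.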