[tor-bugs] #5791 [Tor bundles/installation]: Gather apparmor/selinux/seatbelt profiles for each component of TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 19 23:29:12 UTC 2013


#5791: Gather apparmor/selinux/seatbelt profiles for each component of TBB
--------------------------------------+-------------------------------------
 Reporter:  arma                      |          Owner:  cypherpunks
     Type:  project                   |         Status:  assigned   
 Priority:  normal                    |      Milestone:             
Component:  Tor bundles/installation  |        Version:             
 Keywords:  SponsorZ                  |         Parent:  #4522      
   Points:                            |   Actualpoints:             
--------------------------------------+-------------------------------------
Description changed by trams:

Old description:

> It's increasingly clear that shipping TBB without any "system call
> permissions" wrappers is an arms race that is too easy to lose. Bug 5741
> is the latest of what will continue to be many instances.
>
> The Tor wiki has a variety of instructions on putting your TBB in a VM,
> or running it wrapped by apparmor, or somebody saying the word SELinux,
> etc.
>
> We should gather all these instructions together, and start vetting them
> with the goal of integrating as many as we can into the main build
> processes, and providing the rest as "for experts, you can be even safer
> if".
>
> We need a volunteer with good security taste to get this started. I could
> easily see this project being a bounty too.

New description:

 The file attached contains sandboxes for OS X. It does not need to be
 compiled in, but they need to be placed in the correct location for things
 to work. There are no binaries, just seatbelt files and wrapper scripts.

 To install/try them, do the following steps:
 1. unzip the TorBrowser-2.2.35-11-osx-x86_64-en-US.zip
 2. cd TorBrowser_en-US.app
 3. tar xvf ../path/to/tor-sandbox.tar

 Happy sandboxing.

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5791#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

