[tor-bugs] #12751 [Tor]: systemd unit file could use more filesystem namespace hardening options
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 29 20:31:36 UTC 2014
#12751: systemd unit file could use more filesystem namespace hardening options
---------------------------+--------------------------------------------
     Reporter:  intrigeri  |          Owner:  intrigeri
         Type:  defect     |         Status:  needs_review
     Priority:  normal     |      Milestone:  Tor: 0.2.6.x-final
    Component:  Tor        |        Version:
   Resolution:             |       Keywords:  tor-relay systemd 025-backport
Actual Points:             |      Parent ID:
       Points:             |
---------------------------+--------------------------------------------
Changes (by nickm):

 * keywords: tor-relays, systemd => tor-relay systemd 025-backport
 * milestone: => Tor: 0.2.6.x-final

Comment:

 Do we care about managed pluggable transports launched by the Tor process
 here? Do they inherit these restrictions?

 Would you like to narrow read directories down as well? If so, see the
 list of stuff in the function sandbox_init_filter() in main.c. (Also
 please let me know if there's some reason that Tails can't enable "sandbox
 1"; I want to fix it if there is.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12751#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online