[tor-talk] Attention Jail afficionados
coderman
coderman at gmail.com
Sat Jul 25 22:00:35 UTC 2015
minijail better than real jail, see:
https://github.com/omegaup/minijail
"a tiny, custom launcher that handles namespacing, control groups,
chroot'ing..."
forked from https://chromium.googlesource.com/chromiumos/platform/minijail/
documentation http://www.chromium.org/chromium-os/chromiumos-design-docs/system-hardening
---
is anyone using minijail on a distribution other than Arch Linux
without building a new kernel and libcommoncap? reply on list as this
would be useful reference point.
next question is how you're running Tor in minijail :)
[ if SocksPort, SocksSocket, DNSPort, etc. ... ]
also,
https://outflux.net/teach-seccomp/
https://code.google.com/p/chromium/issues/detail?id=401655
https://lwn.net/Articles/494252/
best regards,
More information about the tor-talk
mailing list