Subject: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Date: Fri, 16 Jun 2017 14:33:31 +0200
From: Rutger Helling
To: 27394@debbugs.gnu.org
In-Reply-To: <20170616120108.d5kx6h2ukiy7qtux@abyayala>
References: <20170616120108.d5kx6h2ukiy7qtux@abyayala>
Message-ID: <00b283d856293540d950c67502d4538e@mykolab.com>

Hey ng0,

I think that ticket references whether the default torrc should have "Sandbox 1". This patch doesn't do that, you still have to set that manually if you want to use it. It only gives you the option (Tor will just ignore that option in Guix right now).

I also don't think that hardening and the sandbox bite each other in any way.

On 2017-06-16 14:01, ng0 wrote:

> Rutger Helling transcribed 2.5K bytes:
>> Hello,
>>
>> this patch adds seccomp support to tor.
>
> There's the question if we would want that.
> tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> But we also enable hardening by default, which differs from the tor default.
> I have no problem with moving unstable features in, but hardening
> seems much more tested to me than seccomp.
