From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38925)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dNZaX-0004wr-T3
	for guix-patches@gnu.org; Wed, 21 Jun 2017 02:58:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dNZaU-0000v9-1z
	for guix-patches@gnu.org; Wed, 21 Jun 2017 02:58:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:56100)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dNZaT-0000uz-Ul
	for guix-patches@gnu.org; Wed, 21 Jun 2017 02:58:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dNZaT-00031Y-KZ
	for guix-patches@gnu.org; Wed, 21 Jun 2017 02:58:01 -0400
Subject: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Resent-Message-ID: <handler.27394.D27394.149802823411568@debbugs.gnu.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=_fc76302c4dba3273ab1050f2f1b36059"
Date: Wed, 21 Jun 2017 08:57:01 +0200
From: Rutger Helling <rhelling@mykolab.com>
In-Reply-To: <E1dNRg6-000781-Lh@rmmprod07.runbox>
References: <E1dNRg6-000781-Lh@rmmprod07.runbox>
Message-ID: <9a77b4c9d799bd5f95bf3fce88e268af@mykolab.com>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic CourtXXs <ludo@gnu.org>, ng0@infotropique.org
Cc: 27394-done <27394-done@debbugs.gnu.org>

--=_fc76302c4dba3273ab1050f2f1b36059
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8

I don't have any issues (yet) running it with the sandbox on, but I
agree it's good to test it extensively beforehand and depending on the
stability wait until the Tor Project defaults to it. 

On 2017-06-21 00:31, ng0@infotropique.org wrote:

> On Tue, 20 Jun 2017 23:07:38 +0200, ludo@gnu.org (Ludovic Courtès) wrote:
> 
> Hi Rutger,
> 
> Rutger Helling <rhelling@mykolab.com> skribis:
> 
> From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> From: Rutger Helling <rhelling@mykolab.com>
> Date: Fri, 16 Jun 2017 13:15:17 +0200
> Subject: [PATCH] gnu: tor: Add seccomp support.
> 
> * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp. 
> Applied, thanks.
> 
> Do you think the GuixSD service should set "Sandbox 1" by default?  The
> Besides, the GuixSD service runs Tor in a container, but that doesn't
> necessarily provide the same guarantees:
> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
> 
> Ludo'.

As mentioned earlier in the thread: I don't think it should be default
until we have
found it to be stable enough. I experienced several "sandbox violations"
when running
this in the last days. Is this good? Is this bad? I had no chance to
investigate this so far.
It also goes against torproject recommendations, as they consider
sandbox (seccomp) in
tor to be an unstable + testing feature, disabled by default.
--=_fc76302c4dba3273ab1050f2f1b36059
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family: Verdana,Gen=
eva,sans-serif'>
<p>I don't have any issues (yet) running it with the sandbox on, but I agre=
e it's good to test it extensively beforehand and depending on the stabilit=
y wait until the Tor Project defaults to it.</p>
<p>On 2017-06-21 00:31, ng0@infotropique.org wrote:</p>
<blockquote type=3D"cite" style=3D"padding: 0 0.4em; border-left: #1010ff 2=
px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ig=
nored -->
<div class=3D"pre" style=3D"margin: 0; padding: 0; font-family: monospace">=
<br /><br /> On Tue, 20 Jun 2017 23:07:38 +0200, <a href=3D"mailto:ludo@gnu=
=2Eorg">ludo@gnu.org</a> (Ludovic Court&egrave;s) wrote:<br /><br />
<blockquote type=3D"cite" style=3D"padding: 0 0.4em; border-left: #1010ff 2=
px solid; margin: 0">Hi Rutger,<br /><br /> Rutger Helling &lt;<a href=3D"m=
ailto:rhelling@mykolab.com">rhelling@mykolab.com</a>&gt; skribis:<br /><br =
/>
<blockquote type=3D"cite" style=3D"padding: 0 0.4em; border-left: #1010ff 2=
px solid; margin: 0">From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep =
17 00:00:00 2001<br /> From: Rutger Helling &lt;<a href=3D"mailto:rhelling@=
mykolab.com">rhelling@mykolab.com</a>&gt;<br /> Date: Fri, 16 Jun 2017 13:1=
5:17 +0200<br /> Subject: [PATCH] gnu: tor: Add seccomp support.<br /><br /=
> * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.</blockquote>
<br /> Applied, thanks.<br /><br /> Do you think the GuixSD service should =
set "Sandbox 1" by default? &nbsp;The<br /> Besides, the GuixSD service run=
s Tor in a container, but that doesn't<br /> necessarily provide the same g=
uarantees:<br /> &lt;<a href=3D"https://www.gnu.org/software/guix/news/runn=
ing-system-services-in-containers.html">https://www.gnu.org/software/guix/n=
ews/running-system-services-in-containers.html</a>&gt;.<br /><br /> Ludo'=
=2E</blockquote>
<br /> As mentioned earlier in the thread: I don't think it should be defau=
lt until we have<br /> found it to be stable enough. I experienced several =
"sandbox violations" when running<br /> this in the last days. Is this good=
? Is this bad? I had no chance to investigate this so far.<br /> It also go=
es against torproject recommendations, as they consider sandbox (seccomp) i=
n<br /> tor to be an unstable + testing feature, disabled by default.</div>
</blockquote>
<p>&nbsp;</p>
<div>&nbsp;</div>
</body></html>

--=_fc76302c4dba3273ab1050f2f1b36059--