[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor + SELinux sandbox = leak proof without VM overhead?

It certainly sounds interesting. Full VM environments not only cause system resource overhead, but maintenance overhead, too (that's always been my biggest gripe about them).

F. Fox

On 08/21/2010 05:55 PM, Gregory Maxwell wrote:
Has anyone looked into using the SELINUX sandbox
(http://danwalsh.livejournal.com/28545.html) to prevent leaks?   The
sandbox provides a high degree of application isolation.  It looks
like it would be pretty much trivial to add an option to the sandbox
front end program to only allow accesses to the tor socks port from
the isolated app.

With this users on a supporting platforms wouldn't have to use
wireshark to figure out if, say, pidgin, is leaking via DNS. They
could simply run the app inside the sandbox and be sure of it.
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/