Re: Jailed/sandboxed/chrooted applications
Fabian Keil wrote:
Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:
Does anyone here jail, sandbox or chroot the applications they use with Tor?
I'm running Tor and Privoxy in FreeBSD jails,
Xorg applications (which probably pose a bigger threat)
are running on the host system, though.
I have been trying to adapt the Wiki's transparent proxy recommendations
to a FreeBSD jail for the last couple weeks with no luck.
I wrote about trans-proxy-tor running in a FreeBSD jail at:
The text is in German but the only thing that really matters is
the /etc/devfs.rules example to make /dev/pf visible in the jail.
Nowadays I use Tor's TransPort option instead of trans-proxy-tor,
but the configuration is pretty much the same.
Interesting. You used pretty much the reverse of what I was doing.
My process is something like:
1. Set up a jail with sshd
2. Install xauth, firefox, thunderbird, etc. in the jail
3. Set up ssh outside the jail to be able to connect to the jail
   and have X connections forwarded
4. Set up PF to forward all connections to Tor's TransPort,
   which is on the host system
5. Use ssh to start a program, e.g. firefox, and it appears
   on the host system's desktop
What I am having trouble with is step 4. It *looks* like PF
is working fine, but Tor doesn't see the traffic to the TransPort.
I think I have just been designing the firewall rules stupidly.
The Tor Wiki gives a different scenario so it isn't too helpful.