[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Jailed/sandboxed/chrooted applications

Fabian Keil wrote:
Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:

Does anyone here jail, sandbox or chroot the applications they use with Tor?

I'm running Tor and Privoxy in FreeBSD jails,
Xorg applications (which probably pose a bigger thread)
are running on the host system, though.

I have been trying to adapt the Wiki's transparent proxy recommendations
to a FreeBSD jail for the last couple weeks with no luck.

I wrote about trans-proxy-tor running in a FreeBSD jail at:

The text is in German but the only thing that really matters is
the /etc/devfs.rules example to make /dev/pf visible in the jail.

Nowadays I use Tor's TransPort option instead of trans-proxy-tor,
but the configuration is pretty much the same.

Interesting. You used pretty much the reverse of what I was doing.
My process is something like:

Set up a jail with sshd
Install xauth, firefox, thunderbird, etc. in the jail
Set up ssh outside the jail to be able to connect to the jail
   and have X connections forwarded
Set up PF to forward all connections to Tor's TransPort,
   which is on the host system
Use ssh to start a program, eg firefox, and it appears
   on the host system's desktop

What I am having trouble with is step 4. It *looks* like PF
is working fine, but Tor doesn't see the traffic to the TransPort.
I think I have just been designing the firewall rules stupidly.
The Tor Wiki gives a different scenario so it isn't too helpful.