[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird
#10943: Sandboxing Instantbird
-------------------------------+------------------------------------------
Reporter: sukhbir | Owner: ioerror
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Messenger | Version:
Resolution: | Keywords: SponsorO, TorMessengerPublic
Actual Points: | Parent ID:
Points: |
-------------------------------+------------------------------------------
Comment (by ioerror):
I've attached a seccomp policy to be used with minijail like so:
{{{
minijail0 -n -S tor-messenger-seccomp-amd64.policy.sorted ./start-tor-
messenger
}}}
It would also be possible to simply detect the presence of minijail in the
`start-tor-messenger` script and then exec `instantbird` with it as the
caller. This would also allow us to make a tighter policy as the current
policy includes all of the syscalls required to run the full shell script
- which may or may not be what we want or need.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10943#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs