Sure, sandboxing can help. We hoped to do this by shipping Apparmor profiles (open bug report: https://gnunet.org/bugs/view.php?id=2004, help writing profiles would be very welcome), but Firejail is certainly another possibility. One could even combine the two, using Apparmor to restrict GNUnet services (i.e. to only network communication) and Firejail to isolate GUIs from other applications of the same user.
Only obvious drawback I see is increased installation complexity. Happy hacking! Christian On 05/27/2015 05:20 PM, Geeb wrote: > Would there be any mileage in a security sense, in running gnunet processes > in a sandboxed environment like Firejail? Either at host level or user > level? > > https://l3net.wordpress.com/projects/firejail/ > > Would there be any obvious drawbacks? > > Thanks, > > Geeb > > > > _______________________________________________ > Help-gnunet mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/help-gnunet >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help-gnunet mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnunet
