It certainly sounds interesting. Full VM environments not only cause
system resource overhead, but maintenance overhead, too (that's always
been my biggest gripe about them).
F. Fox
On 08/21/2010 05:55 PM, Gregory Maxwell wrote:
(snip)
Has anyone looked into using the SELinux sandbox
(http://danwalsh.livejournal.com/28545.html) to prevent leaks? The
sandbox provides a high degree of application isolation. It looks
like it would be pretty much trivial to add an option to the sandbox
front end program to only allow accesses to the tor socks port from
the isolated app.
With this, users on supporting platforms wouldn't have to use
wireshark to figure out if, say, pidgin, is leaking via DNS. They
could simply run the app inside the sandbox and be sure of it.
(snip)