
Sandbox Tor

Tor probably has one of the biggest attack surfaces exposed by Tails to a network attacker. It also knows the IP that’s being used to connect to the Internet. Therefore, anything is welcome that makes it harder for an attacker to escalate from “Tor exploited” to “whole system under attacker’s control” or deanonymization.

When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be easily adaptable to contain Tor.

Alternatively, AppArmor confinement should be considered.

Feature Branch: feature/apparmor

Parent Task: #8004 (closed)

Original created by @tails on 6081 (Redmine)
