Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,285
    • Issues 1,285
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 6
    • Merge requests 6
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #5791
Closed
Open
Created May 07, 2012 by Roger Dingledine@armaReporter

Gather apparmor/selinux/seatbelt profiles for each component of TBB

It's increasingly clear that shipping TBB without any "system call permissions" wrappers is an arms race that is too easy to lose. Bug 5741 is the latest of what will continue to be many instances.

The Tor wiki has a variety of instructions on putting your TBB in a VM, or running it wrapped by apparmor, or somebody saying the word SELinux, etc.

We should gather all these instructions together, and start vetting them with the goal of integrating as many as we can into the main build processes, and providing the rest as "for experts, you can be even safer if".

We need a volunteer with good security taste to get this started. I could easily see this project being a bounty too.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking