packages

Difuse/packages

Fork 0

Commit graph

Author	SHA1	Message	Date
Daniel Golle	0f3d48a378	snowflake: run snowflake-proxy with procd-ujail snowflake-proxy doesn't write any files => run in read-only rootfs environment the process needs to read SSL certs but no other files => only exposed path is /etc/ssl/certificates (read-only) running as unpriviledged user with no additional capabilities => set no-new-privs bit By default procd-ujail also isolates the process by executing it in a separate new IPC and PID namespace. Signed-off-by: Daniel Golle <daniel@makrotopia.org>	2022-09-25 01:38:09 +01:00
Daniel Golle	cf120a7eff	snowflake: add package Package Tor's Snowflake system components so users can offer e.g. a standalone Snowflake proxy on their routers or other devices. Signed-off-by: Daniel Golle <daniel@makrotopia.org>	2022-09-24 19:06:47 +01:00

Author

SHA1

Message

Date

Daniel Golle

0f3d48a378

snowflake: run snowflake-proxy with procd-ujail

snowflake-proxy doesn't write any files
 => run in read-only rootfs environment

the process needs to read SSL certs but no other files
 => only exposed path is /etc/ssl/certificates (read-only)

running as unpriviledged user with no additional capabilities
 => set no-new-privs bit

By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

2022-09-25 01:38:09 +01:00

Daniel Golle

cf120a7eff

snowflake: add package

Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

2022-09-24 19:06:47 +01:00

2 commits