On 05/27/2015 05:20 PM, Geeb wrote: > Would there be any mileage in a security sense, in running gnunet processes > in a sandboxed environment like Firejail? Either at host level or user > level? > > https://l3net.wordpress.com/projects/firejail/
I think you are safe if you run GNUnet as a separate user. So, in this case it doesn't add much if you are sandboxing at a host level. > Would there be any obvious drawbacks? GNUnet services is designed to be run under a system user. The services could be accessed by normal users via TCP/UNIX sockets. When sandboxed, the sandbox could interfere with who is allowed access to the services. If the sandbox permits this, it shouldn't be a problem. Some services like the VPN, create a TUN device. I guess this could be problematic when the sandboxed. Regards, Sree _______________________________________________ Help-gnunet mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnunet
