Patrick Schleizer:
> anonym:
>> Patrick Schleizer:
>>> [override] will probably work for Whonix. Joy and me drafted a
>>> plan.
>>>
>>> In one sentence: We at Whonix invent a new separate config
>>> folder, parse it with a yml merger python script, and generate
>>> another yml file that gets passed to tor-controlport-filter by
>>> Tails.
>>
>> Ok. My understanding of this proposal is that you no longer need any
>> sort of "filter rules merging" in tor-controlport-filter itself,
>> correct? If so, great! :)
>
> I guess so, right.
>
> Unless any of the Tails profiles use '*'? But in that case we might be
> able to just config-package-dev displace the profile.

Tails doesn't use `hosts` (previously, `match-hosts` -- the `match-`
prefix has been dropped for all three matching rules) but only
`exe-paths` and `users`, and only with static, glob-less patterns.

>> Feel free to send a PR with your other
>> changes applied to tor-controlport-filter in Tails Git! Otherwise
>> I'll do it myself later this week.
>
> Let's see who is faster. Can't say yet.

Seems I was. :)

>>> - /etc/tor-controlport-filter.d -- We tell Whonix users to ignore
>>> it. -- Internally used by /usr/lib/tor-controlport-filter . -- Will
>>> contain --- tails-default-profies.yml (for the sake of sharing the
>>> package
>>
>> But they are not useful in Whonix since they only work for loopback
>> connections (i.e. only for applications running on the gateway, which
>> should be nothing except for tor, essentially). Right?
>
> Right. [And a rather minor point...: tor-arm [now nyx] is one that could
> use a profile. Users tend to create screenshots of arm, so redacting any
> IP addresses would be nice. Also terminal emulators such as konsole
> might have bugs. By limiting what tor-arm gets to see it might
> prevent exploiting a bug in the terminal emulator. So hypothetically
> speaking, you have a profile for tor-arm, we would probably use it as well.]

Sure, but we won't. I expect that a profile very similar to the one we
have for Onion Circuits would do if you just want to use it as a
circuit/stream viewer.

Cheers!
