David Mirza Ahmad
David Mirza Ahmad
There may be advantages to doing it this way, and less prone to inaccurate socket state results due to race conditions in non-atomic filesystem lookup. Can always fall back to...
Was able to crash fw-daemon via panic/exception in go-nfnetlink by initiating thousands of concurrent connections from within sandbox through sgfw SOCKS5 proxy port. go-nfnetlink thinks it isn't getting a null...
Configuring an obfs3/4 bridge results in this error when Tor attempts to use the bridge: Jun 29 15:02:24.000 [warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('Operation not permitted')....
Failed to setup filesystem: symlink evaluation failed while blacklisting path /run/resolvconf/private-dhcp: lstat /srv/oz/rootfs/run/resolvconf/private-dhcp: no such file or directory Does it make any sense to fail a launch if a blacklist...
We'll need to patch xpra to do this.
As we do w/clearnet & chronion
With the restricted socket configuration, gpg-agent can produce interesting log entries. We should make sure the most interesting events are included in the default sublogmon conf: [thunderbird-clear] $ gpg --export-secret-keys...
- [x] AppArmor package update with req'd policy changes for fw-daemon, tor (permission to create sockets path) - need issue for this - [x] Finish / fix sandbox policy implementation...
AppArmor violation of profile /usr/sbin/NetworkManager detected from NetworkManager attempting open on /sys/devices/virtual/net/vozYfdsFb/
Sep 4 03:45:25 subgraph ferm[11465]: Reloading Firewall configuration...Traceback (most recent call last): Sep 4 03:45:25 subgraph ferm[11465]: File "/usr/lib/subgraph-ferm-config/get_private_subnets.py", line 60, in Sep 4 03:45:25 subgraph ferm[11465]: print "\n".join( get_private_subnets(addrs)...