Documentation ¶
Overview ¶
Package sandbox handles launching applications in a sandboxed enviornment via bubblwrap.
Index ¶
- func IsGrsecKernel() bool
- func RunTor(cfg *config.Config, manif *config.Manifest, torrc []byte) (process *Process, err error)
- func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (process *Process, err error)
- func RunUpdate(cfg *config.Config, mar []byte) (err error)
- func SetSensibleRlimits() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsGrsecKernel ¶
func IsGrsecKernel() bool
IsGrsecKernel returns true if the system appears to be running a grsec kernel.
func RunTorBrowser ¶
func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (process *Process, err error)
RunTorBrowser launches sandboxed Tor Browser.
func SetSensibleRlimits ¶
func SetSensibleRlimits() error
SetSensibleRlimits conservatively lowers the rlimits to values that will happily support firefox, the updater, tor, and obfs4proxy.
XXX; In the future, this should be applied to each process individually. I still need to think about what I'll do for the things that are unset, because it should be tied into the UI.
Types ¶
This section is empty.
Directories ¶
Path | Synopsis |
---|---|
Package process contains a wrapper around a running bwrap instance, and is in a separate package just to break an import loop.
|
Package process contains a wrapper around a running bwrap instance, and is in a separate package just to break an import loop. |
Package x11 contains the X11 sandbox surrogate and other X11 related sandboxing routines.
|
Package x11 contains the X11 sandbox surrogate and other X11 related sandboxing routines. |
Click to show internal directories.
Click to hide internal directories.