1. Forum
  2. NIXNet
  3. NIX BBS

  • Oniux: kernel-level Tor isolation for Linux applications

    From LWN.net@86:200/23 to All on Fri May 16 06:40:07 2025

    The Tor project has announced
    the oniux utility which provides Tor network isolation, using Linux
    namespaces, for third-party applications.

    Namespaces are a powerful feature that gives us the ability to
    isolate Tor network access of an arbitrary application. We put each
    application in a network namespace that doesn't provide access to
    system-wide network interfaces (such as eth0), and instead provides a
    custom network interface onion0.

    This allows us to isolate an arbitrary application over Tor in the
    most secure way possible software-wise, namely by relying on a
    security primitive offered by the operating system kernel. Unlike
    SOCKS, the application cannot accidentally leak data by failing to
    make some connection via the configured SOCKS, which may happen due to
    a mistake by the developer.

    The Tor project cautions that oniux is considered experimental as
    the software it depends on, such as Arti and
    onionmasq,
    are still new.

    https://lwn.net/Articles/1021354/
    --- SBBSecho 3.25-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)