On Mon, Jul 16, 2018 at 01:32:19AM +0000, Matthew Finkel wrote: > Hi Everyone, > > We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in > #tor-meeting on OTFC.
Reminder! > > There was some discussion on the tbb-dev@ mailing list, but this meeting > will cover the details, implementation plan, roadmap, timeline, etc > (maybe we won't have enough time for all of these topics). > > Please feel free to join the channel and watch and/or contribute > productively. There will be logs available after the meeting, as well. > > https://lists.torproject.org/pipermail/tbb-dev/2018-July/000874.html We'll be discussing the available platform-specific features, some are described (to some extent) in the above thread. Another option that wasn't included was Docker-on-each-OS - at this point, Docker is supported on some versions of Windows, Mac OS X and Linux. However, this doesn't include all OS versions supported by Tor Browser, so we must choose our sandboxing techniques carefully. I believe we can use/abuse many of the same features used by Docker on these systems when they are available, but we'll need a safe fallback option when they aren't available (while still providing as much protection as we can). As Tom mentioned in his response on the tbb-dev@ thread, the Windows container features are only available on Windows 10 Professional and Enterprise editions - so we can't rely on them right now. The API is completely undocumented, but we have reference implementations. Containers on Mac OS X are provided through an OS-provided hypervisor layer. This may be an interesting avenue we can explore[0]. On Linux, Sandboxed Tor Browser remains a good example of what we can accomplish. [0] https://github.com/mist64/xhyve > > Thanks, > Matt _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
