Commit message | Author | Age | |
---|---|---|---|
* | snowflake: run snowflake-proxy with procd-ujail | Daniel Golle | 2022-09-25 |
snowflake-proxy doesn't write any files => run in read-only rootfs environment; the process needs to read SSL certs but no other files => only exposed path is /etc/ssl/certificates (read-only); running as unprivileged user with no additional capabilities => set no-new-privs bit. By default procd-ujail also isolates the process by executing it in a separate new IPC and PID namespace. Signed-off-by: Daniel Golle <daniel@makrotopia.org> |
* | snowflake: add package | Daniel Golle | 2022-09-24 |
Package Tor's Snowflake system components so users can offer e.g. a standalone Snowflake proxy on their routers or other devices. Signed-off-by: Daniel Golle <daniel@makrotopia.org> |