LWN: Comments on "Oniux: kernel-level Tor isolation for Linux applications"

syd-tor is an alternative

alip — Mon, 19 May 2025 12:37:56 +0000

Syd's proxy sandboxing with syd-tor is an alternative for this using more or less the same method:
- Proxy sandboxing: https://man.exherbo.org/syd.7.html#Proxy_Sandboxing
- syd-tor: https://man.exherbo.org/syd-tor.1.html

PS: I am the main author of Syd.

Leeks and leaks

k3ninho — Sat, 17 May 2025 08:40:18 +0000

I guess the Tor announcement could have said if they create the namespaces+cgroups with this environment variable applied to all processes inside, which sidesyep the issue and would also add clarity.

K3n.

Leeks and leaks

Fowl — Sat, 17 May 2025 02:52:41 +0000

Relevant post by Daniel Stenberg (of curl fame) about how this a bit of a reverse course for those apps that attempted to do the right thing with .onion in the past: https://daniel.haxx.se/blog/2025/05/16/leeks-and-leaks/

aarch64-unknown-linux-musl

rillian — Fri, 16 May 2025 13:19:24 +0000

In case anyone else is confused building out of a local repo, the project is configured to target aarch64-unknown-linux-musl by default, and will fail to build if cross-toolchains for that target are not installed. One can work around by passing --target x86_64-unknown-linux-gnu to cargo, or whatever one's native target is.

The build.target directive in .cargo/config is ignored by cargo install which is why the blog post's suggestion of installing directly from the upstream repo works.