You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because SGOS is both live like TAILS and can be installed, here are a few ideas for how the tor control GUI can fit into both SGOS user scenarios.
Onioncfg should store configuration information in a json file. Configuration information for tor could include:
Named sets of bridges
Flag to permit on-boot automatic bootstrap, default: NO
Flag to indicate the above decision is permanent
Subgraph OS system torrc on disk should have DisableNetwork set to 1 at all time, with the control port defined as a unix domain socket path and not a TCP port bound to 1270.0.1. This shall be the sole means to manage Tor, including instructing Tor to make connections.
Note that there appears to be a bug in tor (at least the version shipped with SGOS) where if DisableNetwork is set to 1, the unix domain socket for the control port will not be created, though the TCP socket will be
A workaround/hack for this is to define a bridge that doesn't exist.. tor will attempt to connect to it and will create the unix domain socket for the control interface.
Onioncfg should read configuration parameters from its config file and apply them to tor through the control interface via the unix domain socket when tor is started. Only then can tor bootstrap, with a known configuration state.
Onioncfg can either be a service, or invoked by systemd with tor. Adding a running service seems heavy unless we can think of other things onioncfg can do.
One argument for an onioncfg service is running the onioncfg process with some dedicated gid so we can leverage filesystem permissions to restrict random user process access to the Tor control socket + the user tor configuration settings.
The onioncfg GUI could be configured to appear at boot in the following circumstances:
If bootstrap automatically flag is not set AND permanent flag has not been set
This case will allow Tor configuration for live mode users, as well as users who have just installed Subgraph OS.
For installed users, they can make their decision permanent at this point. Could also be set by installer during install one we manage to get beyond the Debian installer.
Aside from this, the onioncfg GUI can be opened via command line, application search, or gnome shell Tor control sub-menu
Hmm - somewhere we could maybe do inotify on the config file, or just make a small indication to the user that Tor needs to be manually restarted..
The text was updated successfully, but these errors were encountered:
Because SGOS is both live like TAILS and can be installed, here are a few ideas for how the tor control GUI can fit into both SGOS user scenarios.
Onioncfg should store configuration information in a json file. Configuration information for tor could include:
Subgraph OS system torrc on disk should have DisableNetwork set to 1 at all time, with the control port defined as a unix domain socket path and not a TCP port bound to 1270.0.1. This shall be the sole means to manage Tor, including instructing Tor to make connections.
Onioncfg should read configuration parameters from its config file and apply them to tor through the control interface via the unix domain socket when tor is started. Only then can tor bootstrap, with a known configuration state.
Onioncfg can either be a service, or invoked by systemd with tor. Adding a running service seems heavy unless we can think of other things onioncfg can do.
The onioncfg GUI could be configured to appear at boot in the following circumstances:
Aside from this, the onioncfg GUI can be opened via command line, application search, or gnome shell Tor control sub-menu
Hmm - somewhere we could maybe do inotify on the config file, or just make a small indication to the user that Tor needs to be manually restarted..
The text was updated successfully, but these errors were encountered: