
Leaderboard


Popular Content

Showing content with the highest reputation on 09/21/23 in Posts

  1. 1 point
    Hi, I changed my password to one without signs and now it works. Thank you for your help.
  2. 1 point
    Hello! There is a bug affecting Eddie Android edition and causing a crash, but not a login failure, when the symbol % is in the username and not in the password. Anyway, please try to wipe out all the @, # and $ characters and check whether something changes or not. Kind regards
  3. 1 point
    For compartmentalization or for sandboxing I would go straight to Jails, solving some problems with the current approach of a simple & single network namespace that Suite designers are having with browsers. Jails are very powerful yet easy to configure and maintain and quite light. Just to say, you can run jails inside a jail, you can have vnet, you can run pf and bhyve (the powerful FreeBSD type 2 hypervisor) inside a jail, full ZFS support and much more.

    For the fine-grained "capabilities", if the old MAC modules and TrustedBSD are not enough (they offer something like 400 different, specific privileges), then I would say Capsicum, which "hybridizes a true capability-system model with a Unix design and POSIX API" in contrast to Linux "capabilities" which don't. In reality they sound more like privileges oddly renamed as "capabilities" in one of the Linux twists of names and features (here I will save you from other Linux horrors because such horrors are caused by the distribution jungle and not by the kernel itself). Capsicum compares to Linux seccomp as well but it is definitely superior as you might see.

    A more comprehensive and I would say pleasant overview of Unix sandboxing techniques was illustrated in 2017 in this (in my opinion) good-looking article.

    https://freebsdfoundation.org/wp-content/uploads/2017/10/A-Comparison-of-Unix-Sandboxing-Techniques.pdf

    In the above article you can find a couple of paragraphs emblematic to understand the choice by Suite designers and probably instrumental to the OP (your) question: I guess that's all clear now.

    In other words: if Suite designers want to keep traffic splitting as simple as requiring a single network namespace (I guess (?) to avoid the serious problem caused by Mullvad's cgroups based solution), with or without true process isolation / boosted virtualization they anyway need CAP_SYS_ADMIN for the cuckoo tool. Here you can understand the need for precautions too, crucially and obviously: forbidding root running, dropping setuid privileges, setting the privileges of the user running cuckoo itself.

    All the best! -- revsplus
  4. 1 point
    While Eddie is NOT running, check System Preferences --> Network --> <your_network_connection_like_Ethernet_or_WLAN> --> DNS. On the left side is a box for "DNS servers". Are there any entries that can be deleted? If yes, delete them, then press Apply. Hope this helps.
  5. 1 point
    fschaeck

    Hummingbird unofficial Docker image

    Well… after a couple of days digging deeper into the source code, I was able to make hummingbird 1.1.2 compile and run in a Docker container with working network lock. Clone my fork from https://gitlab.com/fschaeckermann/hummingbird.git and read the instructions in README.md.

    I made it compile under Alpine Linux as well, but iptables seems to misbehave in some breaking way. Therefore the Alpine image is not really usable yet.

    @whiteowl3: I shamelessly copied your work and incorporated it in the Dockerfile - tini and entrypoint.sh and healthcheck.sh included. The client is actually issuing modprobe and iptables commands to create the network lock (using iptables-legacy, maybe that was the reason you couldn’t see any rules?). I haven’t tested with nftables or pf. That might even work under Alpine… Also, if IPv6 gets in the picture, things go haywire! But IPv6 and Docker is an altogether different can of worms…

    Have fun! And post your results here if you like.