Originally created by Tails on #6081 (Redmine)
Tor probably has one the biggest attack surface exposed by Tails to a network attacker. It also knows the IP that’s being used to connect to the Internet. Therefore, anything is welcome to make it harder, for an attacker, to escalate from “Tor exploited” to “whole system under’s attacker control” or deanonymization.
When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be easily adaptable to contain Tor.
Alternatively, AppArmor confinement should be considered.
Feature Branch: feature/apparmor
Parent Task: #8004 (closed)