Oniux: Kernel-level Tor isolation for any Linux app
a year ago
- #linux
- #tor
- #privacy
- oniux is a command-line utility for Tor network isolation on Linux using kernel-level namespaces.
- It ensures privacy-critical apps route all traffic through Tor, preventing data leaks.
- Linux namespaces isolate system resources like network interfaces, enhancing security.
- oniux differs from torsocks by using kernel features instead of SOCKS proxies, offering better isolation.
- It supports all applications, including static binaries and those not using libc.
- Installation requires a Linux system with Rust; usage is straightforward with commands like 'oniux curl'.
- Internally, oniux uses clone(2), mounts, and TUN interfaces to isolate processes.
- The tool is experimental but aims to match the reliability of long-standing tools like torsocks.
- Credits include smoltcp developers and contributors who helped implement user namespaces properly.
- The Tor Project encourages donations to support privacy and human rights initiatives.
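
The network-namespace isolation described in the summary can be observed directly. The C program below is an added example, not code from oniux or the Tor Project: it enters a fresh user and network namespace and counts the interfaces that are up there. As a simplification it uses fork(2) plus unshare(2) rather than the clone(2) call the summary mentions, and its function names are illustrative.

```c
#define _GNU_SOURCE
#include <ifaddrs.h>
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count interfaces that are administratively up in the caller's network
 * namespace. Returns -2 if the interface list cannot be read. */
static int count_up_interfaces(void) {
    struct ifaddrs *list, *it;
    int up = 0;
    if (getifaddrs(&list) != 0) return -2;
    for (it = list; it != NULL; it = it->ifa_next)
        /* Link-layer (AF_PACKET) entries appear once per interface. */
        if (it->ifa_addr && it->ifa_addr->sa_family == AF_PACKET &&
            (it->ifa_flags & IFF_UP))
            up++;
    freeifaddrs(list);
    return up;
}

/* Fork a child, move it into new user + network namespaces, and report how
 * many interfaces are up there. Returns -1 if the kernel refuses
 * unprivileged namespaces, -2 on any other error. */
int up_interfaces_in_new_netns(void) {
    int fds[2], result = -2, status;
    if (pipe(fds) != 0) return -2;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {                       /* child: isolate, then inspect */
        close(fds[0]);
        int n = unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0
                    ? count_up_interfaces() : -1;
        if (write(fds[1], &n, sizeof n) != (ssize_t)sizeof n) _exit(1);
        _exit(0);
    }
    close(fds[1]);                        /* parent: collect the answer */
    if (read(fds[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -2;
    close(fds[0]);
    waitpid(pid, &status, 0);
    return result;
}

int main(void) {
    printf("host namespace: %d interface(s) up\n", count_up_interfaces());
    printf("new namespace:  %d interface(s) up\n", up_interfaces_in_new_netns());
    return 0;
}
```

A result of 0 in the new namespace means the process has no usable path to the network at all until something, such as the TUN interface oniux sets up, is added to that namespace.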