Should strict stream isolation by a requirement in Whonix's Default Application Policy?

@iry Sometime back I outlined a standardized way we can use to safely force applications that don’t support stream isolation to work safely under Tor: Managing programs without Tor DNS Support / orjail

How difficult would you find such a project?

PS. Since firejail was recently re-mentioned could it work here since it could give each sandboxed application its own virtualized namespace?

2 Likes