In theory, we could save some Whonix-Gateway RAM by using a mechanism similar to https://github.com/Whonix/anon-ws-disable-stacked-tor / https://www.whonix.org/wiki/Dev/anon-ws-disable-stacked-tor using systemd-socket-proxyd (systemd listens with a stub port and starts the actual service on demand), but this clashes with Tor, which has:
- usually just one global config file
- usually only one Tor ControlPort
- usually only one Tor state folder (which contains Tor entry guards)
Does Whonix-Gateway use less RAM with fewer ports opened by Tor?
If there is something to it, we could perhaps auto-generate the Tor config and only add ports to Tor’s config on demand (when an application tries to use them), and then run sudo systemctl reload tor@default after the config update.
Or if we want to follow https://www.whonix.org/wiki/Tor_Entry_Guards#Increase_Protection_from_Malicious_Entry_Guards:_One_Guard_per_Application we could start a new Tor instance per application on demand. I still wouldn’t know how to handle the Tor ControlPort in that case. Perhaps only a ControlPort for applications we know are going to use it.
[Any disk space issues with that due to multiple Tor state folders? ~7 MB per Tor data folder.]
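As an added illustration of the "add ports on demand, then reload" idea above (example code, not Whonix project code): a POSIX sh helper that appends a SocksPort line to a torrc drop-in only if that port is not already configured, then reloads tor@default. The drop-in directory /usr/local/etc/torrc.d, the gateway address 10.152.152.10 and the DRYRUN switch are assumptions for this example.

```shell
#!/bin/sh
# Added example, not Whonix code. Assumed defaults: Tor reads drop-ins from
# TORRC_D, the instance is tor@default, the gateway listens on GATEWAY_IP.
TORRC_D="${TORRC_D:-/usr/local/etc/torrc.d}"   # assumed drop-in directory
GATEWAY_IP="${GATEWAY_IP:-10.152.152.10}"      # assumed Whonix-Gateway address
DRYRUN="${DRYRUN:-0}"                          # 1 = do not call systemctl

# list_ports FILE: print the port of every SocksPort line already in FILE,
# whether written as "SocksPort ADDR:PORT ..." or as "SocksPort PORT ...".
list_ports() {
  f="$1"
  [ -f "$f" ] || return 0
  sed -n -e 's/^SocksPort [0-9.]*:\([0-9][0-9]*\).*/\1/p' \
         -e 's/^SocksPort \([0-9][0-9]*\)\( .*\)*$/\1/p' "$f"
}

# add_tor_port PORT FILE: append a SocksPort for PORT unless it is already
# present, then reload Tor so it opens the new listener.
# Exit codes: 0 = added, 1 = invalid port, 2 = already configured.
add_tor_port() {
  port="$1"; f="$2"
  case "$port" in ''|*[!0-9]*) return 1;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  if list_ports "$f" | grep -qx "$port"; then
    return 2
  fi
  # Isolation flags keep this application's streams off other apps' circuits.
  printf 'SocksPort %s:%s IsolateDestAddr IsolateDestPort\n' \
    "$GATEWAY_IP" "$port" >> "$f"
  if [ "$DRYRUN" = 0 ]; then
    # reload, not restart: existing circuits and the guard state survive
    sudo systemctl reload tor@default
  fi
  return 0
}

# Usage: add_tor_port 9155 "$TORRC_D/50_ondemand.conf"
```

Running it as root is only needed for the reload; the drop-in file must of course be one that Tor actually includes.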