unshare in Whonix

Is unshare to run applications in a different namespace useful for additional hardening?

I’m not educated enough on the topic but does running applications that do not require networking or time in a separate namespace provide any additional benefits?

user@host:~$ unshare -r -n
root@host:~# ip a
1: lo: mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@host:~# curl ifconfig.me
curl: (6) Could not resolve host: ifconfig.me

I made an attempt to make applications automatically launch using the unshare arguments by editing the XDG desktop entries but I can’t confirm if it works. What does someone more knowledgeable than me think? is it at all beneficial in preventing an attacker from phoning home or likewise.

Small benefit perhaps - if it can be used to socksify connections (which I haven’t looked up if unshare can do it but it doesn’t look trivial to research): better stream isolation.

What’s stream isolation? See:

downside perhaps: Higher attack surface?

In summary: I am not aware of any research on this topic anywhere and none should be expected to happen.

A better answer might be available by applying the Free Support Principle. You’d need to rephrase this question without Whonix being involved and ask elsewhere. In other words, the question is mostly unspecific to Whonix.

Phoning home specifically, I wouldn’t know why. Because that is about running untrusted programs and then selectively blocking certain aspects of it which conceptually isn’t a reliable process (unless crude stuff such as blocking all networking).



isolating proxy:

transparent proxy:

You could configure Whonix to be an isolating proxy instead of transparent proxy.

You’ll find all of that here:

Much better documented, easier and actionable security hardening advice can be found here:

1 Like

Thank you Patrick!

I will re-read the documented additional hardening to see if I missed anything. :slight_smile: