How is that not for users?
I want to test CWTCH on Whonix, as you mentioned two weeks ago, “Testers wanted!”.
To do that I need to add the corresponding onion-grater profile. And I want to do it in a more secure way, so my test of CWTCH will be on a separate workstation. To make sure onion-grater indeed only whitelists tor commands from that workstation, changing the hosts directive is required.
The question is specific and is based on many hours of reading and digging into this subject. I will appreciate an answer. Of course, I will be happy to detail my experience of testing CWTCH for the benefit of others.