Closed t3dium closed 1 year ago
I have grpcio 1.50.0 and grpcio-tools 1.50.0 and it works fine with those, can you try that version?
Besides trying @pizzadude's suggestion, please, be sure that the value DefaultAction is set to "deny" in /etc/opensnitchd/default-config.json
You can also try a simple test:
Any of the commands should fail. If they don't, please, post the log file /var/log/opensnitchd.log
If the app crashes or even from a delay in launching at boot, all apps are allowed internet access until opensnitch is opened again, which could open up security issues.
Just set DefaultAction to deny in /etc/opensnitchd/default-config.json. If with that option set to deny apps can still connect to the internet, please, drop a comment with an example and how to reproduce it, and we'll review it.
but it didn't work, not sure if this is a bug, or if the option does something else
I've been reviewing this problem, and the option works fine. But it's a bit confusing, and i'm not sure what's the right thing to do here.
With daemon DefaultAction: allow
and GUI DefaultAction: deny
:
deny
(because GUI's DefaultAction is deny
)
/etc/opensnitchd/default-config.json
DefaultAction is set to allow.
So:
So the question is: GUI's Preferences->Nodes->DefaultAction should reflect the daemon's DefaultAction being used (this is how it works right now), or the one saved in /etc/opensnitchd/default-config.json?
This behaviour was changed here https://github.com/evilsocket/opensnitch/commit/f5bb478c998530193ab3661727d126d184a29402 because of this #489
And probably this behaviour should be documented on the wiki.
Ok, I'll modify the behaviour as follow:
Daemon not connected to the GUI:
/etc/opensnitchd/default-config.json
Daemon connected to the GUI:
At least this way the user will clearly see that daemon's DefaultAction is set to allow
by default (related #896).
closing due to lack of feedback
If the app crashes or even from a delay in launching at boot, all apps are allowed internet access until opensnitch is opened again, which could open up security issues.
i was also looking around in settings and found an option which seemed to do this:
but it didn't work, not sure if this is a bug, or if the option does something else
OS: fedora Version. 1.6.0 (latest as of now)
potentially related to the bug: couldn't install
grpcio==1.16.1
with pip as mentioned in the install guide as it gave segmentation fault's, i instead installed the newest version with pip.