As @adrelanos suggested on the Whonix forum, it would be desirable to implement a Linux Namespaces wrapper for Horklump, so that even if a malicious tracee escapes from the ptrace sandbox, it still won't be able to bypass the proxy.
(This is not a replacement for ptrace, just a defense-in-depth tactic.)
As @adrelanos suggested on the Whonix forum, it would be desirable to implement a Linux Namespaces wrapper for Horklump, so that even if a malicious tracee escapes from the ptrace sandbox, it still won't be able to bypass the proxy.
(This is not a replacement for ptrace, just a defense-in-depth tactic.)