The Tor Project has unveiled oniux, a new command-line utility designed to deliver robust, kernel-enforced Tor isolation for any Linux application: a significant advancement in the ongoing quest for airtight traffic anonymity and leak prevention in high-risk environments.
Linux namespaces as a security primitive
At the core of oniux is the use of Linux namespaces, a kernel feature introduced in the early 2000s that enables fine-grained isolation of system resources such as networking, processes, and mounts. By leveraging these primitives, oniux can “containerize” individual applications, ensuring their network activity is entirely segregated from the host system and routed exclusively through the Tor network.
How Oniux works
Oniux operates by spawning a child process using the clone(2) syscall, creating isolated network, mount, PID, and user namespaces. The process then:
- Mounts its own /proc and maps UIDs/GIDs to match the parent.
- Injects a custom /etc/resolv.conf via a mount namespace, ensuring all DNS queries are resolved through Tor.
- Utilizes onionmasq to create a TUN interface (onion0), which is configured and passed to the parent process for Tor-bound traffic routing.
- Drops all elevated privileges after setup, minimizing attack surface.
- Executes the target application within this sandboxed environment, guaranteeing that all network traffic is forced through Tor, with no access to the host’s real network interfaces.
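The first two steps above (entering the four namespaces and mapping the caller's UID/GID into them), as an added C illustration that is not oniux's own code: the `isolation_flags`, `write_id_maps` and `probe_namespaces` names are mine, and the probe only checks whether this kernel lets an unprivileged process build such a sandbox at all (it does not create the TUN interface or inject resolv.conf), which is the precondition to verify on distributions that restrict unprivileged user namespaces.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* The four namespaces the article lists: user, network, mount, PID. */
int isolation_flags(void) {
    return CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWPID;
}
/* "<inside> <outside> <count>": maps the sandbox's uid/gid onto the parent's own. */
int format_id_map(char *buf, size_t len, unsigned id) {
    return snprintf(buf, len, "%u %u 1\n", id, id);
}
static int write_file(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    int ok = fd >= 0 && write(fd, s, strlen(s)) == (ssize_t)strlen(s);
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}
/* Runs inside the new user namespace; an unprivileged mapper must deny
 * setgroups before gid_map becomes writable. Returns 0 or errno. */
int write_id_maps(unsigned uid, unsigned gid) {
    char map[64];
    format_id_map(map, sizeof map, uid);
    if (write_file("/proc/self/setgroups", "deny") < 0) return errno;
    if (write_file("/proc/self/uid_map", map) < 0) return errno;
    format_id_map(map, sizeof map, gid);
    if (write_file("/proc/self/gid_map", map) < 0) return errno;
    return 0;
}
/* Probe in a throwaway child: 0 if this kernel lets an unprivileged process
 * build the sandbox, else errno (EPERM when unprivileged user namespaces are
 * disabled by sysctl or distro policy). The exec of the target would follow. */
int probe_namespaces(void) {
    unsigned uid = getuid(), gid = getgid();   /* read before the uid becomes "nobody" */
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) {
        if (unshare(isolation_flags()) < 0) _exit(errno);
        _exit(write_id_maps(uid, gid));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINVAL;
}
```

A non-zero result from `probe_namespaces()` means the kernel or a distro policy refused the namespace setup for this user, and no namespace-based sandbox can be built here without changing that setting.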
Why Oniux over Torsocks?
Traditional tools like torsocks intercept network-related libc calls and redirect them through Tor’s SOCKS proxy. However, this approach is vulnerable: applications may bypass libc (intentionally or not) using raw system calls, leading to potential leaks. Torsocks is also ineffective for static binaries and does not provide true kernel-level isolation; the application can still see and potentially use the host’s network interfaces.
Oniux, in contrast, enforces isolation at the kernel level, making it impossible for applications, even malicious or misconfigured ones, to route traffic outside of Tor. This is especially relevant for threat models involving adversarial binaries or research tools not designed with privacy in mind.
Comparison table: Oniux vs. Torsocks
| Feature | Oniux | Torsocks |
|---|---|---|
| Standalone application | Yes | No, requires running Tor daemon |
| Isolation method | Linux namespaces (kernel-level) | LD_PRELOAD hack (user-space) |
| Application compatibility | All Linux applications | Only those using libc for networking |
| Leak prevention | Kernel-enforced, even against raw syscalls | Vulnerable to raw syscalls, static binaries |
| Platform support | Linux only | Cross-platform |
| Maturity | New, experimental | 15+ years, battle-tested |
| Tor engine | Arti (Rust) | CTor (C) |
| Implementation language | Rust | C |
Deployment and use cases
Oniux is particularly well-suited for scenarios where privacy is paramount: activist operations, investigative journalism, and sensitive research. Typical usage includes routing CLI tools (e.g., oniux curl http://example.onion), “torifying” an entire shell session (oniux bash), or running GUI applications over Tor in desktop environments (oniux hexchat).
Installation and status
Oniux is open-source and available via GitLab. Installation requires a Linux system with the Rust toolchain; users can install it using:
cargo install --git https://gitlab.torproject.org/tpo/core/oniux oniux@0.4.0
Caveats and future directions
While oniux offers a compelling security model, the project is still experimental. It relies on newer Tor components (Arti and onionmasq) and has not undergone the extensive real-world testing that torsocks has accumulated over more than a decade. The Tor Project encourages experts and enthusiasts to test oniux, report issues, and contribute to its maturation.
Oniux represents a significant leap in the practical enforcement of network anonymity on Linux, harnessing kernel features to provide what is arguably the most robust software-based Tor isolation available today. For cybersecurity professionals and privacy advocates, oniux is a tool to watch, and to test, as it evolves toward production-grade reliability.