(originally from my proposal on moby/moby#17142 (comment) but generic)
The profile would generate artificats of an apparmor profile and seccomp filters.
Obviously doesn't have to be toml since that's super hipster :p
Assumptions
aa-genprof it is never
It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.
We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".
Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.
Install dependencies:
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.
This is a follow-up to this discussion: Can NAT traversal be Tor's killer feature?
If torrents are P2P's killer application, and NAT traversal/"static IP" are Tor's (via hidden services), putting them together could prove to be the best incentivization scheme for growing the Tor network other than cold crypto cash.
Everybody knows you're not supposed to use torrents with tor, right?