Noino

You seem to have a couple of truncated onion addresses here. The oniux GitLab repo is here (Clearnet The Tor Project / Core / oniux · GitLab). The curl command example has what looks like the first 53 characters of an onion address too.

Also, for users who do not have cargo set up to resolve .onion addresses you may want to explain how this is done as cargo install --git http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/core/oniux on my system results in a DNS error failed to resolve address.

Anyhow, after updating my rust toolchain (1.69.0 resulting in a dependency issue) I managed to build and install oniux. I look forward to trying out this utility, it looks very useful.

I just tried oniux wget -O - https://check.torproject.org and got

!doctype html>
<html lang="en_US">
<head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>
    
      Congratulations. This browser is configured to use Tor.
...

oniux-curl

Are you using an old or patched version of curl?

curl refuses to resolve .onion domains to avoid leakage:

• Impossible to use `curl` to resolve `.onion` addresses using Tor Project's `oniux` tool · Issue #17363 · curl/curl · GitHub
• Curl leaks .onion hostnames in DNS · Issue #543 · curl/curl · GitHub

BeatlesNo1

I got those errors while trying using oniux hexchat:

2025-05-16T12:36:19Z DEBUG oniux] spawned onion-tunnel thread
thread '<unnamed>' panicked at src/main.rs:174:18:
called `Result::unwrap()` on an `Err` value: ArtiSetup(Error { detail: StateMgrSetup(Error { source: Inaccessible(BadOwner("/", 65534)), action: Initializing, resource: Directory { dir: "/home/dirtyoldman/.local/share/arti/state" } }) })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'main' panicked at src/main.rs:136:22:
called `Result::unwrap()` on an `Err` value: No such file or directory (os error 2)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'main' panicked at core/src/panicking.rs:221:5:
panic in a function that cannot unwind
stack backtrace:
   0:     0x5d24ed3ef36a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h304520fd6a30aa07
   1:     0x5d24ed41ad5b - core::fmt::write::hf5713710ce10ff22
   2:     0x5d24ed3eb7a3 - std::io::Write::write_fmt::hda708db57927dacf
   3:     0x5d24ed3f07f2 - std::panicking::default_hook::{{closure}}::he1ad87607d0c11c5
   4:     0x5d24ed3f045e - std::panicking::default_hook::h81c8cd2e7c59ee33
   5:     0x5d24ed3f107f - std::panicking::rust_panic_with_hook::had2118629c312a4a
   6:     0x5d24ed3f0d33 - std::panicking::begin_panic_handler::{{closure}}::h7fa5985d111bafa2
   7:     0x5d24ed3ef849 - std::sys::backtrace::__rust_end_short_backtrace::h704d151dbefa09c5
   8:     0x5d24ed3f09f4 - rust_begin_unwind
   9:     0x5d24ec773fd5 - core::panicking::panic_nounwind_fmt::hc0ae93930ea8f76c
  10:     0x5d24ec774062 - core::panicking::panic_nounwind::h9f485ff9b02bac75
  11:     0x5d24ec7741a6 - core::panicking::panic_cannot_unwind::hea865182d7ce50af
  12:     0x5d24ed2f9f36 - nix::sched::sched_linux_like::clone::callback::h7d99c497d382c0d3
  13:     0x7ca9ce138684 - clone
  14:                0x0 - <unknown>
thread caused non-unwinding panic. aborting.

Any suggestions?

1 reply

colonthree

This is a great project. Thank you for putting in the work.

I am currently behind a fascist firewall. There doesn’t seem to be a way to instruct oniux to only try ports 80 and 443 right now. Some configuration options would be nice.

1 reply

trinity-1686a

it looks like /, the root of your filesystem, isn’t owned by root (the super-admin user). Arti, and by extension oniux, makes sure its files can only be mangled by the current user and root. Any idea why / wouldn’t be owned by root? This seems like a strange setup, likely to cause issues with more than Arti.

This can mean any number of things. It could indicate the command you tried to run couldn’t be found in your PATH. Could you run the command again with RUST_LOG=debug, to help identify at which step this error was emitted?

1 reply

trinity-1686a

Sadly oniux doesn’t have any knobs to turn at this point. I’ve opened oniux#13 so that eventually it will cover your use case

BeatlesNo1

My setup is the usual setup of CachyOS with their graphical installer. Here is output with RUST_LOG=debug:

oniux RUST_LOG hexchat
thread 'main' panicked at src/main.rs:136:22:
called `Result::unwrap()` on an `Err` value: No such file or directory (os error 2)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'main' panicked at core/src/panicking.rs:221:5:
panic in a function that cannot unwind
stack backtrace:
   0:     0x5a1d725b836a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h304520fd6a30aa07
   1:     0x5a1d725e3d5b - core::fmt::write::hf5713710ce10ff22
   2:     0x5a1d725b47a3 - std::io::Write::write_fmt::hda708db57927dacf
   3:     0x5a1d725b97f2 - std::panicking::default_hook::{{closure}}::he1ad87607d0c11c5
   4:     0x5a1d725b945e - std::panicking::default_hook::h81c8cd2e7c59ee33
   5:     0x5a1d725ba07f - std::panicking::rust_panic_with_hook::had2118629c312a4a
   6:     0x5a1d725b9d33 - std::panicking::begin_panic_handler::{{closure}}::h7fa5985d111bafa2
   7:     0x5a1d725b8849 - std::sys::backtrace::__rust_end_short_backtrace::h704d151dbefa09c5
   8:     0x5a1d725b99f4 - rust_begin_unwind
   9:     0x5a1d7193cfd5 - core::panicking::panic_nounwind_fmt::hc0ae93930ea8f76c
  10:     0x5a1d7193d062 - core::panicking::panic_nounwind::h9f485ff9b02bac75
  11:     0x5a1d7193d1a6 - core::panicking::panic_cannot_unwind::hea865182d7ce50af
  12:     0x5a1d724c2f36 - nix::sched::sched_linux_like::clone::callback::h7d99c497d382c0d3
  13:     0x72b11dd38684 - clone
  14:                0x0 - <unknown>
thread caused non-unwinding panic. aborting.

~
❯ RUST_LOG=debug oniux hexchat
[2025-05-20T18:46:58Z DEBUG oniux::mount] mounted `/` with `MsFlags::MS_PRIVATE`
[2025-05-20T18:46:58Z DEBUG oniux::mount] mounted `procfs` at `"/proc"`
[2025-05-20T18:46:58Z DEBUG oniux] finished mount namespace setup
[2025-05-20T18:46:58Z DEBUG oniux::user] setgroups false
[2025-05-20T18:46:58Z DEBUG oniux::user] mapped UID 1000 to 1000
[2025-05-20T18:46:58Z DEBUG oniux::user] mapped GID 1000 to 1000
[2025-05-20T18:46:58Z DEBUG oniux] finished user namespace mappings
[2025-05-20T18:46:58Z DEBUG oniux] created temporary resolv.conf(5) at "/tmp/.tmpnEh3yZ"
[2025-05-20T18:46:58Z DEBUG oniux::mount] created bind mount "/tmp/.tmpnEh3yZ" -> "/etc/resolv.conf"
[2025-05-20T18:46:58Z DEBUG oniux] mounted "/tmp/.tmpnEh3yZ" to /etc/resolv.conf
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created netlink socket to find onion0
[2025-05-20T18:46:58Z WARN  netlink_packet_route::link::buffer_tool] Specified IFLA_INET6_ICMP6STATS NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 48, got 56
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created socket for adding an IP address to 2
[2025-05-20T18:46:58Z DEBUG oniux::netlink] added IP to 2
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created socket for adding an IP address to 2
[2025-05-20T18:46:58Z DEBUG oniux::netlink] added IP to 2
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created netlink socket to set 2 UP
[2025-05-20T18:46:58Z DEBUG oniux::netlink] setted interface 2 to UP
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created socket for adding default gateway for Inet
[2025-05-20T18:46:58Z DEBUG oniux::netlink] added default gateway Inet
[2025-05-20T18:46:58Z DEBUG oniux::netlink] created socket for adding default gateway for Inet6
[2025-05-20T18:46:58Z DEBUG oniux::netlink] added default gateway Inet6
[2025-05-20T18:46:58Z DEBUG oniux] finished setting up networking
[2025-05-20T18:46:58Z DEBUG oniux] dropped all capabilites
[2025-05-20T18:46:58Z DEBUG oniux] sent TUN device
[2025-05-20T18:46:58Z DEBUG oniux] received TUN file descriptor
[2025-05-20T18:46:58Z DEBUG oniux] spawned onion-tunnel thread
thread 'main' panicked at src/main.rs:136:22:
called `Result::unwrap()` on an `Err` value: No such file or directory (os error 2)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'main' panicked at core/src/panicking.rs:221:5:
panic in a function that cannot unwind
stack backtrace:
   0:     0x55e56cf6e36a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h304520fd6a30aa07
   1:     0x55e56cf99d5b - core::fmt::write::hf5713710ce10ff22
   2:     0x55e56cf6a7a3 - std::io::Write::write_fmt::hda708db57927dacf
   3:     0x55e56cf6f7f2 - std::panicking::default_hook::{{closure}}::he1ad87607d0c11c5
   4:     0x55e56cf6f45e - std::panicking::default_hook::h81c8cd2e7c59ee33
   5:     0x55e56cf7007f - std::panicking::rust_panic_with_hook::had2118629c312a4a
   6:     0x55e56cf6fd33 - std::panicking::begin_panic_handler::{{closure}}::h7fa5985d111bafa2
   7:     0x55e56cf6e849 - std::sys::backtrace::__rust_end_short_backtrace::h704d151dbefa09c5
   8:     0x55e56cf6f9f4 - rust_begin_unwind
   9:     0x55e56c2f2fd5 - core::panicking::panic_nounwind_fmt::hc0ae93930ea8f76c
  10:     0x55e56c2f3062 - core::panicking::panic_nounwind::h9f485ff9b02bac75
  11:     0x55e56c2f31a6 - core::panicking::panic_cannot_unwind::hea865182d7ce50af
  12:     0x55e56ce78f36 - nix::sched::sched_linux_like::clone::callback::h7d99c497d382c0d3
  13:     0x7129e1d38684 - clone
  14:                0x0 - <unknown>
thread caused non-unwinding panic. aborting.

All commands except hexchat work fine.

1 reply

trinity-1686a

have you installed hexchat? i tried installing CachyOS, and i get the same error before install hexchat, but it works fine after a quick sudo pacman -S hexchat

1 reply

BeatlesNo1

That was it! thank you!

clown

Everyone should please be aware that Hexchat is no longer in development by the original guy/gal, AFAIK it is unmaintained at the moment.

toralf

gives

curl: (6) Not resolving .onion address (RFC 7686)

here

frozen

Didn’t work for me on Ubuntu 25.04, first of all the guide says “Once that is done you are ready to start using it!” but I had to look for it, it’s somewhere in the release folder, but once found I attempt to use the curl test in the guide:

Does it need root access?

2 replies

toralf

And why does it mount something???

1 reply

ch1ffr3punk

Works nicely under Windows 11 / WSL2.

trinity-1686a

oniux leverage unprivileged user namespaces to setup namespaces without the need for root access. Sadly that feature is disabled on recent Ubuntu. Supporting environment without unprivileged user namespaces is still work in progress.

This is a common pattern amongst container and container-adjacent technologies to hide/modify a file as perceived from inside without actually modifying (or even having the permission to modify) that file from the outside. In oniux’s case, the specific paths that are shadowed that way are /etc/resolv.conf and the procfs. You can see that by running something like diff <(mount | sort) <(oniux mount | sort) (assuming oniux works for you).

anon18097200

I didn’t try but it seems to me that we should better attempt the experiment on an unstable _ sid.
I have trouble understanding what it brings if not a configuration or a command line startup, which I don’t like: it smells like an amateur’s fantasy and may be aware of the vulnerabilities of his approach.
has this been brought to the attention of the developers of my distribution?
is it only to be integrated into tails/qubes/whonix/alpine (and others …)?
one cannot reasonably undertake a shortcut or innovate without precautions, each attempt (successful or failed) can be catastrophic in terms of the consequences.
to follow therefore, but without real details, I do not adhere.

alg

ensure you have following in your sysctl :

kernel.unprivileged_userns_clone = 1
kernel.apparmor_restrict_unprivileged_userns = 0

1 reply

gabrix73

Same here, Arch linux, mutt as alias for oniux mutt:

gabriel¹@xnibiru73 ~ $ mutt

thread 'main' panicked at src/main.rs:136:22:
called `Result::unwrap()` on an `Err` value: netlink failed for unknown reasons adding IP to 2
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

thread 'main' panicked at library/core/src/panicking.rs:218:5:
panic in a function that cannot unwind
stack backtrace:
   0:     0x5ccac48f4610 - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h6d42cc84fc840290
   1:     0x5ccac4921443 - core::fmt::write::h5af61a909e3ec64d
   2:     0x5ccac48f05d3 - std::io::Write::write_fmt::h5a7b54aa6e4a315d
   3:     0x5ccac48f4462 - std::sys::backtrace::BacktraceLock::print::h555579e7396c26ac
   4:     0x5ccac48f56af - std::panicking::default_hook::{{closure}}::h9128866118196224
   5:     0x5ccac48f551a - std::panicking::default_hook::h52e9e7314e0255f6
   6:     0x5ccac48f6052 - std::panicking::rust_panic_with_hook::h541791bcc774ef34
   7:     0x5ccac48f5dc6 - std::panicking::begin_panic_handler::{{closure}}::h6479a2f0137c7d19
   8:     0x5ccac48f4b29 - std::sys::backtrace::__rust_end_short_backtrace::ha04e7c0fc61ded91
   9:     0x5ccac48f5a8d - rust_begin_unwind
  10:     0x5ccac3b8971d - core::panicking::panic_nounwind_fmt::h6a24774852878975
  11:     0x5ccac3b897b2 - core::panicking::panic_nounwind::hbbbf5b15de703440
  12:     0x5ccac3b898d6 - core::panicking::panic_cannot_unwind::h8c0d27499c4c90fa
  13:     0x5ccac47fcd16 - nix::sched::sched_linux_like::clone::callback::h9665fea27dde327a
  14:     0x7bb1a151a834 - __clone
  15:                0x0 - <unknown>
thread caused non-unwinding panic. aborting.