•

SELinux and confined users, make the Linux Desktop more secure

Security enthusiasts wanted: from beginners up to SELinux experts to make up the SELinux "Confined Users (SIG)" to foster Fedora's security capabilities

https://discussion.fedoraproject.org/t/security-enthusiasts-wanted-from-beginners-up-to-selinux-experts-to-make-up-the-selinux-confined-users-sig-to-foster-fedoras-security-capabilities/89127

SELinux provides a strong security measure that can make an SELinux-enabled operating system a type of “fortress”: the so-called “confined users” [1] [2] [3], which add security and isolation capabilities that are in several respects comparable to containers but without many of their restrictions in GUI use cases (this topic is focused on desktop use cases, not server, infra, and such). By default, SELinux does not enforce much within user accounts but only around them. But in graphical desktop...

Security enthusiasts wanted: from beginners up to SELinux experts to make up the SELinux "Confined Users (SIG)" to foster Fedora's security capabilities

33 comments

See all comments

ladyanita22

•

I suggest you check Silverblue + Ansible (or CoreOS/IoT for server stuff).

Neon

•

while i think that ansible is really cool, it's not the same as Nix.

correct me if i'm wrong, but afaik Ansible just modifies the current state of the System with a declarative configuration.

Nix reverts your system back to install and then applies the configuration. The result is that in Nix if i remove something from the configuration.nix it is as if it never existed, whereas on Ansible it stays unless i manually run a task to uninstall it.