Implement high security boot option
Reported by: kallisti5 | Owned by: nobody
Description
A configurable boot option to enable "high security" might be neat.
Such a setting could:
- Disable all writable non-packaged directories (where libs and add-ons could be injected... we kind of have this already via disable user addons? Not sure if that will prevent *every* use of the non-packaged directories though)
- Wipe tmp on boot
- future: Whitelisting of package sources + trusted vendors as pkgman supports it.
- Etc, as we think of features.
Just a random thought in passing :-)