Opened 6 years ago
Last modified 6 years ago
#14723 new enhancement
Implement high security boot option — at Initial Version
| Reported by: | kallisti5 | Owned by: | nobody |
|---|---|---|---|
| Priority: | low | Milestone: | Unscheduled |
| Component: | System | Version: | R1/Development |
| Keywords: | security selinux | Cc: | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
A configurable boot option to enable "high security" might be neat.
Such a setting could:
- Disabling all writable non-packaged directories (where lib's and add-ons could be injected.. we kind of have this already via disable user addons? Not sure if that will prevent *every* use of the non-packaged directories though)
- Wipe tmp on boot
- future: Whitelisting of package sources + trusted vendors as pkgman supports it.
- Etc, as we think of features.
Just a random thought in passing :-)
Note:
See TracTickets
for help on using tickets.
