Opened 5 years ago
Last modified 5 years ago
#14723 new enhancement
Implement high security boot option — at Version 2
| Reported by: | kallisti5 | Owned by: | nobody |
|---|---|---|---|
| Priority: | low | Milestone: | Unscheduled |
| Component: | System | Version: | R1/Development |
| Keywords: | security selinux | Cc: | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description (last modified by )
A configurable boot option to enable "high security" might be neat.
Such a setting could:
- Disable all writable non-packaged directories (where lib's and add-ons could be injected.. we kind of have this already via disable user addons? Not sure if that will prevent *every* use of the non-packaged directories though)
- Wipe tmp on boot
- future: Whitelisting of package sources + trusted vendors as pkgman supports it.
- Etc, as we think of features.
Just a random thought in passing :-)
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
tbh, at some point this should be the default. And we should add a "I know what I'm doing" mode.