I think the setup script should also auto setup some security beyond disk encryption.
A MAC system is important for security, but a lot of new users actually forget to set it up (which does not help by the fact that a lot of guides completely ignore this topic). On Arch, it seems like AppArmor is the only mature and readily available MAC system. SELinux on Arch is still a WIP and doesn't seem to have a default targetted policies like Fedora/Red Hat, and I have never seen any major linux distros using Tomoyo. AppArmor is also needed to confine Snap packages should the user choose to install them. Thus, I think we should just install and enable AppArmor out of the box. What do you think?
I think the setup script should also auto setup some security beyond disk encryption.
A MAC system is important for security, but a lot of new users actually forget to set it up (which does not help by the fact that a lot of guides completely ignore this topic). On Arch, it seems like AppArmor is the only mature and readily available MAC system. SELinux on Arch is still a WIP and doesn't seem to have a default targetted policies like Fedora/Red Hat, and I have never seen any major linux distros using Tomoyo. AppArmor is also needed to confine Snap packages should the user choose to install them. Thus, I think we should just install and enable AppArmor out of the box. What do you think?