classy-giraffe
commented
3 years ago Working on it!
Closed TommyTran732 closed 3 years ago
classy-giraffe
commented
3 years ago Working on it!
TommyTran732
commented
3 years ago Would be great if you could have a look at https://github.com/classy-giraffe/easy-arch/pull/14
I think the setup script should also auto setup some security beyond disk encryption.
A MAC system is important for security, but a lot of new users actually forget to set it up (which does not help by the fact that a lot of guides completely ignore this topic). On Arch, it seems like AppArmor is the only mature and readily available MAC system. SELinux on Arch is still a WIP and doesn't seem to have a default targetted policies like Fedora/Red Hat, and I have never seen any major linux distros using Tomoyo. AppArmor is also needed to confine Snap packages should the user choose to install them. Thus, I think we should just install and enable AppArmor out of the box. What do you think?