Open travier-anssi opened 4 years ago
@travier-anssi Hi. "Keep CONFIG_FB and CONFIG_VT enabled in kernel config only for instrumented or non-graphical builds": do you mean "graphical"? Or non-graphical?
Hi, we mean non-graphical. Disabling them reduces attack surface; unlike graphical builds, non-graphical ones need them for the man-machine interface. Instrumented builds are meant for testing and should never be used in production, hence you can use those options for debugging.
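The rule stated in the reply above can be checked mechanically against a kernel `.config`. The following is an added example, not part of the thread and not CLIP OS code; the profile names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Options the quoted recommendation restricts to instrumented or non-graphical builds.
RESTRICTED = ("CONFIG_FB", "CONFIG_VT")
# Hypothetical profile names (assumption of this example, not CLIP OS terminology).
ALLOWED_PROFILES = {"instrumented", "non-graphical"}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Return {symbol: value}; '# CONFIG_X is not set' lines map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = "n"
    return symbols


def audit(text, profile):
    """List restricted options that are enabled in a profile that should not have them."""
    if profile in ALLOWED_PROFILES:
        return []
    symbols = parse_kconfig(text)
    # A symbol absent from .config is treated as disabled.
    # Both built-in (y) and module (m) count as enabled.
    return [s for s in RESTRICTED if symbols.get(s, "n") in ("y", "m")]


# Constructed sample: CONFIG_FB_EFI must not be mistaken for CONFIG_FB.
SAMPLE_CONFIG = """\
CONFIG_DRM=y
CONFIG_FB=y
# CONFIG_VT is not set
CONFIG_FB_EFI=y
"""

if __name__ == "__main__":
    for profile in ("graphical", "non-graphical", "instrumented"):
        print(profile, audit(SAMPLE_CONFIG, profile))
```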
@nbouchinet-anssi Ah, thank you. How would I, for example, disable CONFIG_FB and still be able to use GNOME on my AMD iGPU + NVIDIA GPU (proprietary driver) machine? These are really the only two hardening recommendations I don't get. Note: I want to be able to use GNOME (Wayland).
CLIP OS does not currently support any hardware profile. I will not be able to give you an answer since your issue is related to your AMD iGPU and NVIDIA GPU. I however recommend that you take a look at the aforementioned link and at the various blogs about CONFIG_{VT,FB} deprecation.
May I ask you what security recommendations you are referring to?
sssd
) login