Open apyrgio opened 1 month ago
What is the feature you think should be a good addition to Dangerzone?
Take advantage of the more secure App Sandbox macOS entitlement: https://developer.apple.com/documentation/security/app-sandbox
Is your feature request related to a problem? Please describe.
This suggestion came up during a security audit by IncludeSecurity. Read more about in L1: [macOS] Opportunities for macOS Client Entitlements Hardening.
Additional context
We have successfully removed some lax macOS entitlements, but adding the App Sandbox one proved difficult, due to the fact that Dangerzone needs access to the Docker socket. Read more in https://github.com/freedomofpress/dangerzone/pull/639
What is the feature you think should be a good addition to Dangerzone?
Take advantage of the more secure App Sandbox macOS entitlement: https://developer.apple.com/documentation/security/app-sandbox
Is your feature request related to a problem? Please describe.
This suggestion came up during a security audit by IncludeSecurity. Read more about in L1: [macOS] Opportunities for macOS Client Entitlements Hardening.
Additional context
We have successfully removed some lax macOS entitlements, but adding the App Sandbox one proved difficult, due to the fact that Dangerzone needs access to the Docker socket. Read more in https://github.com/freedomofpress/dangerzone/pull/639