Closed dngray closed 3 months ago
dngray
commented
1 year ago Initially I was thinking of doing https://github.com/privacyguides/privacyguides.org/issues/1861, however for most purposes (sandboxing user applications), I think a guide on this makes a lot more sense than creating AppArmor/SELinux policies.
Particularly with the direction of things like Flatpak, etc.
dngray
commented
11 months ago @rusty-snake would you be interested in contributing a blog article on how to use this tool.
I have not used this tool.
I think it could take the form, of an example article demonstrating usage.
rusty-snake
commented
10 months ago Hi, just going through my github todo list. I've interest but unfortunately no time.
dngray
commented
10 months ago What I might do is an article sandboxing some example application, a bit like the hello world examples that Fedora does.
dngray
commented
3 months ago Revisiting this one.
I don't think it's practical to tell people to make their own SELinux or Apparmor Policies. It's a lot of work, and requires testing and a fair bit of background knowledge to troubleshoot. I guess this is why major distributions don't ship policies for everything.
I think a far more user-friendly way of approaching this is is using the Flatpak sandbox permission and strict confinement as Firefox on Ubuntu does. It would seem that while this doesn't cover every application (that's unlikely anyway) unless someone spends a lot of time to do that. More projects now will use the above sandboxing methods. In time we may see something like ConfinedUsers, which in my opinion is a better way to contribute to this if you're interested in that.
Nothing is perfect and expecting users to make ultra tight policies by themselves simply isn't feasible.
Discussed in https://github.com/privacyguides/privacyguides.org/discussions/1364