Adds the hardened profile based on this guide
and also on secureblue.
Removals:
droid-on-nix
nur
firefox
Features:
use the memory allocator scudo, protecting against some buffer overflow exploits
prevent kernel modules from being loaded after boot
protect against rewriting the kernel image
increase containers/virtualization protection at a performance cost (L1 flush or page table isolation)
AppArmor is enabled by default
many filesystem modules are forbidden because they are old/rare/not audited enough
firewall: block any incoming traffic
clamav antivirus
firejail: run programs under it to restrict their permissions and rights.
It is rather important to run web browsers with it because it will prevent them from having any
access to the filesystem except ~/Downloads and a few required directories
(local profile, /etc/resolv.conf, font cache, etc.).
chromium
tor-browser
signal-desktop
keepassxc
mpv
transmission-gtk
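
One way to confirm after a rebuild that the settings listed above are active, as an added example that is not part of this commit or the project's own code. The procfs/sysfs paths are the standard Linux ones; `/etc/ld-nix.so.preload` as the scudo preload file and shell-script launchers that call firejail are assumptions about a NixOS target, and `audit_hardening` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit a system for the settings listed in the commit message.
# Assumptions: NixOS target (scudo preloaded via /etc/ld-nix.so.preload,
# firejail launchers are shell scripts that mention firejail).

# check_value FILE EXPECTED LABEL: pass when FILE's first line equals EXPECTED.
check_value() {
    actual=$(head -n 1 "$1" 2>/dev/null) || actual="unreadable"
    if [ "$actual" = "$2" ]; then
        echo "PASS  $3"
    else
        echo "FAIL  $3 (expected '$2', got '$actual')"
        return 1
    fi
}

# check_contains FILE WORD LABEL: pass when FILE mentions WORD.
check_contains() {
    if grep -q -- "$2" "$1" 2>/dev/null; then
        echo "PASS  $3"
    else
        echo "FAIL  $3"
        return 1
    fi
}

# audit_hardening [ROOT] [LAUNCHER...]: returns the number of failed checks.
# ROOT is a path prefix (empty for the live system); each LAUNCHER is a
# program wrapper expected to start its program through firejail.
audit_hardening() {
    root=${1:-}
    if [ $# -gt 0 ]; then shift; fi
    failed=0
    check_value "$root/proc/sys/kernel/modules_disabled" 1 \
        "kernel module loading locked" || failed=$((failed + 1))
    check_value "$root/proc/sys/kernel/kexec_load_disabled" 1 \
        "kexec (kernel replacement at runtime) disabled" || failed=$((failed + 1))
    check_value "$root/sys/module/apparmor/parameters/enabled" Y \
        "AppArmor enabled" || failed=$((failed + 1))
    check_contains "$root/etc/ld-nix.so.preload" scudo \
        "scudo allocator preloaded" || failed=$((failed + 1))
    for launcher in "$@"; do
        check_contains "$launcher" firejail \
            "$launcher runs under firejail" || failed=$((failed + 1))
    done
    echo "$failed check(s) failed"
    return "$failed"
}

# Run against the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_hardening ""; fi
```
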