Do you set up apparmor/selinux/secureboot on your arch system?
How do i set up app armor on nix
What's the usecase of Secure Boot?
>>106993779Bootkits
>>106993779Taking control way from the owner of the computer (real)"Protecting users against the totally real danger of strangers sneaking into their home, installing a custom firmware or replacing boot.efi with a counterfeit" (fake)
>>106993199For both SELinux and AppArmor I cannot find enough tutorials and resources that are fast easy to digest.Especially when it comes to more advanced uses like filtering D-Bus etc. and SELinux is a bit harder to compile policies into the system.If I could have I would have setup a very tight SELinux/AppArmor profile on my computer to ensure nothing in the home dotfiles gets replaced by apps that shouldn't have access to each others configuration.Secureboot, yes absolutely.
>>106993889It's either decking out SELinux/AppArmor or/and flatseal.Or paying every year for sandboxie home so that I can sandbox apps away from each other.So that I don't get pwned/infostealer incident by opening an infected meme image on discord/the web.
>>106993199>Do you set up apparmor/selinux/secureboot on your arch system?Honestly, I'd love to. Yes secureboot is managable, but setting up selinux will give you terminal cancer, if you need/want the extra security of selinux, just use a distro, that has it by default. cia, nsa, android, opensuse and red hat use selinux, lol.>>106993881many people think secureboot is just for windows, but no it's just extra security, why do you complain? Another reason why I have it activated is, because I dual boot for some kernel malware games on windows.
once secureboot is enforced and with no way of disabling it, say goodbye to running linux>j-just run your own keys brovery hard to do, most normies will never do it, and in many computers will brick your motherboard.
>>106993199No use case for that on personal computer
>>106994822just like hardware attest and other schizo delusions like pluton this isn't and will not happen
>>106994204youre not that important for secure boot to ever matter
>>106995281Nice try glowie
>>106995296
>>106995307UKSA/Penal Colony issue
>>106995307lmao
You don't need faparmor or sexlinux if you're not testing or using closed source/potential malware on your system
>>106993881Self-signed secure boot is a thing, you know.
>>106995415lmao>>106994822>j-just run your own keys bro
>>106995437not my fault you didn't do your research before buying
>>106995415iirc you actually have to sign the nvidia driver if you have secureboot activated on arch, not a problem with distros with a license
>>106995281true, but still SELinux is nice to have.
>>106995459and here comes the self sign cope
microshart secure boot, never
>>106995475CachyOS automates this https://wiki.cachyos.org/configuration/secure_boot_setup/
