Do you set up apparmor/selinux/secureboot on your arch system?
How do i set up app armor on nix
What's the usecase of Secure Boot?
>>106993779Bootkits
>>106993779Taking control way from the owner of the computer (real)"Protecting users against the totally real danger of strangers sneaking into their home, installing a custom firmware or replacing boot.efi with a counterfeit" (fake)
>>106993199For both SELinux and AppArmor I cannot find enough tutorials and resources that are fast easy to digest.Especially when it comes to more advanced uses like filtering D-Bus etc. and SELinux is a bit harder to compile policies into the system.If I could have I would have setup a very tight SELinux/AppArmor profile on my computer to ensure nothing in the home dotfiles gets replaced by apps that shouldn't have access to each others configuration.Secureboot, yes absolutely.
>>106993889It's either decking out SELinux/AppArmor or/and flatseal.Or paying every year for sandboxie home so that I can sandbox apps away from each other.So that I don't get pwned/infostealer incident by opening an infected meme image on discord/the web.
>>106993199>Do you set up apparmor/selinux/secureboot on your arch system?Honestly, I'd love to. Yes secureboot is managable, but setting up selinux will give you terminal cancer, if you need/want the extra security of selinux, just use a distro, that has it by default. cia, nsa, android, opensuse and red hat use selinux, lol.>>106993881many people think secureboot is just for windows, but no it's just extra security, why do you complain? Another reason why I have it activated is, because I dual boot for some kernel malware games on windows.
once secureboot is enforced and with no way of disabling it, say goodbye to running linux>j-just run your own keys brovery hard to do, most normies will never do it, and in many computers will brick your motherboard.
>>106993199No use case for that on personal computer
>>106994822just like hardware attest and other schizo delusions like pluton this isn't and will not happen
>>106994204youre not that important for secure boot to ever matter
>>106995281Nice try glowie
>>106995296
>>106995307UKSA/Penal Colony issue
>>106995307lmao
You don't need faparmor or sexlinux if you're not testing or using closed source/potential malware on your system
>>106993881Self-signed secure boot is a thing, you know.
>>106995415lmao>>106994822>j-just run your own keys bro
>>106995437not my fault you didn't do your research before buying
>>106995415iirc you actually have to sign the nvidia driver if you have secureboot activated on arch, not a problem with distros with a license
>>106995281true, but still SELinux is nice to have.
>>106995459and here comes the self sign cope
microshart secure boot, never
>>106995475CachyOS automates this https://wiki.cachyos.org/configuration/secure_boot_setup/
>>106995307Right should be replaced with "we'll pretend we cracked it and found some cp, go grab a pic from our stash"
>>106993199Linux security modules like apparmor or selinux can make 0 day vulnerabilities non exploitable because big kernel man says noSecure boot is worth it as well but you can still poison the init system with secure boot on Linux as far as I know so it only checks the kernel and modules
>>106993199ToT
>>106995415Why bother? I don't want anything to deal with such useless garbage. Surely someone will fucking change my kernel image I compiled myself. How?
>>106993881>"Protecting users against the totally real danger of strangers sneaking into their home, installing a custom firmware or replacing boot.efi with a counterfeit" (fake)Retarded take that's something secureboot CANNOT protect you from, it's to prevent rootkits from booting a kernel you should'nt.
>>106993881This. Simple as.
>>106995264Happening to Android right now you dumb corpo shill
Today i set up shim-signed with disabled validation. Now i can boot into windows with secure boot enabled and enjoy easy dkms modules in Linux without secure boot.
