GuixSELinuxLUKSno sudo or suchmany apps and environments...

All posts Iska :emacs_thinking: :guix:'s posts Post Back to profile

Guix
SELinux
LUKS
no sudo or such
many apps and environments are chrooted
networked programs also in Xephyr or disconnected from X
guests and nonfree software live in vm
Hopefully coreboot and secure boot? (don't think latter is needed)
no sshd on host unless needed

future setup that'll make "secure"tards seethe :cirno_heh:

Like 21 Jul 2022 at 13:10 | Open on mstdn.starnix.network

12 comments

Sly-Little-Fox(xo)

@iska please no secure boot
I prefer to run nonfree software in firejail also

21 Jul 2022 at 13:18 | Open on md.ilyamikcoder.com

Iska :emacs_thinking: :guix:

@slylittlefox

please no secure boot

Why not?

21 Jul 2022 at 13:19 | Open on mstdn.starnix.network

Sly-Little-Fox(xo)

@iska more pain and no real benefits

21 Jul 2022 at 13:20 | Open on md.ilyamikcoder.com

Iska :emacs_thinking: :guix:

@slylittlefox

I wanna have paranoid level security :akko_derp:

21 Jul 2022 at 14:03 | Open on mstdn.starnix.network

Sly-Little-Fox(xo)

@iska i can't imagine more security than LUKS + Firejail + Xephyr + xsecurelock for locking

21 Jul 2022 at 14:41 | Open on md.ilyamikcoder.com

Iska :emacs_thinking: :guix:

@slylittlefox

firejail

Sounds cool but I don't think I'll use it unless it gets implemented into guix environment.

but yeah it's probably too much "-w-

21 Jul 2022 at 14:50 | Open on mstdn.starnix.network

Sly-Little-Fox(xo)

@iska wdym implemented into guix environment? It just uses cgroups + X isolation

21 Jul 2022 at 15:34 | Open on md.ilyamikcoder.com

翠星石

@iska >running nonfree software at all.
Coreboot is usually all proprietaryied up - you want libreboot.
Secure boot really doesn't beat libreboot Grub with pgp keys.

21 Jul 2022 at 13:27 | Open on freesoftwareextremist.com

drcounelis

@iska use slackware, not conected to the internet sneed :dude_smug: