mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 04:41:33 -05:00
Remove link to archived Kicksecure repository for AppArmor profiles (#254)
* Remove link to deprecated Kicksecure AppArmor profile repo Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> * Add apparmor.d mention as a reference Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> * Remove mentions of Whonix sandboxed app launcher and AppArmor profiles Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com> --------- Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
This commit is contained in:
parent
074f5d1813
commit
cbe365251d
@ -102,6 +102,4 @@ Fedora Workstation and Silverblue's European counterpart. These are rolling rele
|
|||||||
|
|
||||||
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian.
|
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [boot clock randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization), [encrypted swap](https://github.com/Whonix/swap-file-creator), hardened boot parameters, and hardened kernel settings. One downside of Whonix is that it still inherits outdated packages with lots of downstream patching from Debian.
|
||||||
|
|
||||||
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
|
||||||
|
|
||||||
Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
|
Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
|
||||||
|
@ -175,10 +175,10 @@ Note that, unlike Android, traditional desktop Linux distributions typically do
|
|||||||
|
|
||||||
### Making Your Own Policies/Profiles
|
### Making Your Own Policies/Profiles
|
||||||
|
|
||||||
You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklist to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference:
|
You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https://github.com/containers/bubblewrap) profiles, and [seccomp](https://docs.kernel.org/userspace-api/seccomp_filter.html) blacklists to have better confinement of applications. This is an advanced and sometimes tedious task, but there are various projects you could use as reference:
|
||||||
|
|
||||||
- [Kicksecure's apparmor-profile-everything](https://github.com/Kicksecure/apparmor-profile-everything)
|
|
||||||
- [Krathalan’s AppArmor profiles](https://github.com/krathalan/apparmor-profiles)
|
- [Krathalan’s AppArmor profiles](https://github.com/krathalan/apparmor-profiles)
|
||||||
|
- [roddhjav's AppArmor profiles](https://github.com/roddhjav/apparmor.d)
|
||||||
- [noatsecure’s SELinux templates](https://github.com/noatsecure/hardhat-selinux-templates)
|
- [noatsecure’s SELinux templates](https://github.com/noatsecure/hardhat-selinux-templates)
|
||||||
- [Seirdy’s bubblewrap scripts](https://sr.ht/~seirdy/bwrap-scripts)
|
- [Seirdy’s bubblewrap scripts](https://sr.ht/~seirdy/bwrap-scripts)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user