This discussion is both a question (I don't understand all of the details) and a place to discuss the relative merits of each system kernel. I hope it will be an enjoyable discussion.
I've installed the default hardened Arch kernel in a VM here and it seems very stable, but I have noticed that trying to bubblewrap browsers is impossible without crippling the security of the kernel, and that's one of a thousand things I'd like to welcome open discussion on here.
I'm also curious if and how it could be improved. I've been looking into microkernels; does the given hardened-arch kernel we have count as a microkernel? If not, why not?
Thanks and I hope you have a nice day.
Offline
You can see the compile settings of the standard linux/linux-hardened/linux-lts/linux-zen kernel packages by copying and extracting the configuration file from /proc/config.gz while running each of these kernels, and then compare them, for example with diff.
Bubblewrapping browsers maybe does not work on the hardened kernel because of these settings, which differ between hardened and the rest of the kernels:
sysctl kernel.unprivileged_bpf_disabled
sysctl kernel.unprivileged_userns_clone
I have always heard that the Linux kernel is monolithic with modules, not a micro-kernel. Minix3 and QNX have micro-kernels. Linux has too much in its kernel to be a micro-kernel; you can even see this by its size when you download it.
Last edited by xerxes_ (2022-10-15 17:45:22)
Offline
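The config comparison suggested in the post above, written out as an added example that is not part of the thread. A plain diff of two configs is noisy because disabled options appear as comments, so this normalises both files first. The function names are hypothetical, and the sample fragments are constructed for illustration rather than taken from the real Arch package configs.

```shell
#!/bin/sh
# Added example (not from the thread): compare two saved kernel configs.
# Save one file per kernel while it is booted, for example:
#   zcat /proc/config.gz > "config-$(uname -r)"

# Emit sorted "OPTION<TAB>value" lines; "# CONFIG_X is not set" becomes "n".
normalize_config() {
    awk '
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { print $2 "\tn"; next }
        /^CONFIG_[A-Za-z0-9_]+=/ {
            i = index($0, "=")
            print substr($0, 1, i - 1) "\t" substr($0, i + 1)
        }
    ' "$1" | LC_ALL=C sort
}

# Print "OPTION<TAB>value_in_a<TAB>value_in_b" for every option that differs.
# "-" means the option is absent from that file. Body runs in a subshell.
config_diff() (
    tab=$(printf '\t')
    a=$(mktemp) && b=$(mktemp) || exit 1
    normalize_config "$1" > "$a"
    normalize_config "$2" > "$b"
    LC_ALL=C join -t "$tab" -a 1 -a 2 -e - -o 0,1.2,2.2 "$a" "$b" |
        awk -F '\t' '($2 "") != ($3 "")'
    rm -f "$a" "$b"
)

# Show the two sysctls named in the post for the running kernel, or "absent".
show_sandbox_sysctls() {
    for key in unprivileged_bpf_disabled unprivileged_userns_clone; do
        if [ -r "/proc/sys/kernel/$key" ]; then
            printf 'kernel.%s = %s\n' "$key" "$(cat "/proc/sys/kernel/$key")"
        else
            printf 'kernel.%s = absent\n' "$key"
        fi
    done
}

# Constructed sample fragments (not the real Arch package configs).
write_samples() {
    printf '%s\n' 'CONFIG_LOCALVERSION="-a"' 'CONFIG_USER_NS=y' \
        '# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set' > "$1"
    printf '%s\n' 'CONFIG_LOCALVERSION="-b"' 'CONFIG_USER_NS=y' \
        'CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y' 'CONFIG_BPF_UNPRIV_DEFAULT_OFF=y' > "$2"
}

# Usage: sh this_script config-a config-b
if [ "$#" -eq 2 ]; then config_diff "$1" "$2"; fi
```

A sysctl reported as "absent" means the running kernel does not provide that knob at all, which is itself a difference worth noting alongside the config output.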