You are not logged in.

Pages: 1

Topic closed

#1 2024-09-22 13:45:25

Captain Athelas
Member
Registered: 2020-05-15
Posts: 37

Best way achieve to achieve application security like other OSes?

Whats the best way to achieve application security like MacOS, iOS, iPadOS or Android on Arch Linux? Currently any program I use has basically full control of over anything my user controls.

To give a bit more context, applications should start with very little permissions. If they want to do anything like the following, there should be a pop up to grant/deny the request:

- share/record screen
- access to microphone and webcam
- access to folders like downloads, a cloud drive (e.g. OneDrive, Dropbox, Proton Drive...), photo's...
- send notifications
- go fullscreen
- access location

I know about the mandatory access control (MAC), discretionary access control (DAC) and sandboxing applications described in https://wiki.archlinux.org/title/Security, but I've never managed to set up anything that comes even close to this granularity, easy UX and actually work.

Any ideas or experience with something similar on Arch Linux?

Offline

#2 2024-09-22 13:53:21

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,149

Re: Best way achieve to achieve application security like other OSes?

achieve application security like MacOS, iOS, iPadOS or Android

You mean isolating processes in sandboxes, that's not really a "security" feature, but see https://wiki.archlinux.org/title/Firejail

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

#3 2024-09-22 14:04:43

Captain Athelas
Member
Registered: 2020-05-15
Posts: 37

Re: Best way achieve to achieve application security like other OSes?

Thanks Seth. Why do you not consider this a security feature?

I can give Firejail another try. Should I try to combine this with AppArmor?

Offline

#4 2024-09-22 14:23:07

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,149

Re: Best way achieve to achieve application security like other OSes?

https://wiki.archlinux.org/title/Firejail wrote:

Warning: Running untrusted code is never safe, sandboxing cannot change this.

Security isn't a thing, it's a mindset.
I get the colloquial expression, but running shadytooltotallynotabitcoinminerbelievemebro in a sandbox is not making anything "secure" and it's not good to think this way.
You cannot just tick a couple of checkboxes and that makes it then securererer.

Make sure to read https://wiki.archlinux.org/title/Fireja … or_support

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

#5 2025-08-07 09:14:34

noice65535
Member
Registered: 2025-08-07
Posts: 1

Re: Best way achieve to achieve application security like other OSes?

I have a somewhat related question about code trustedness (I apologize if this is the wrong place to ask this or if replying to something from last year is considered necro-threading): Is it sane for a personal computer owner to trust, barring any that are out of date, unmaintained, or security-advisory-ed, all packages in the core repository and most in the extra repository?

Last edited by noice65535 (2025-08-07 09:18:36)

owo

Offline

#6 2025-08-07 09:32:19

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 13,020
Website

Re: Best way achieve to achieve application security like other OSes?

Sure, until it isn't.

https://wiki.archlinux.org/title/Genera … bumping%22
https://wiki.archlinux.org/title/Genera … _hijacking


Closing this old thread.

Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

Pages: 1

Topic closed

Board footer

Powered by FluxBB