You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2025-04-09 09:21:06
- canihazsecurity
- Member
- Registered: 2025-04-09
- Posts: 3
Returning to Arch?
Hi, I went Fedora way because of their default SELinux implementation. Turns out it's not well implemented at all. They have it selinux as enforcing, but it really isn't enforcing much until you go through extra steps of enabling confined users. And theeeen the moment you confine users, you can't run anything, basically.
Before I was on Archlinux...do you think I should return? How's SELinux been going for Archlinux? I know it was available, but not ready for primetime or something like that?
Can I just say that Fedora had been running relatively well for me. There's a lot of nastiness in it, but there are also some benefits to it, once you figure out how they do things and get it working. Maybe it's because they are backed by a big for-profit corp? But they still screw up on some important things - like selinux, for example.
Or - just found out a little while ago - their repos are not signed (so you can have a man in the middle basically serve you some fish when you download packages?). I forget, does Arch secure/sign their repo data? Not the packages themselves, but the repos data?
Offline
#2 2025-04-09 11:52:14
- Nikolai5
- Member
- From: North West, England, UK
- Registered: 2024-01-27
- Posts: 272
Re: Returning to Arch?
https://wiki.archlinux.org/title/SELinux
I'm no expert on it, but that article has the latest.
You'll need to make use of a number of AUR packages that serve as replacements for those in the repos.
Ryzen 7 9850X3D | AMD 7800XT | KDE Plasma
Offline
#3 2025-04-09 12:08:14
- MAYBL8
- Member
- From: Florida USA
- Registered: 2022-01-14
- Posts: 386
- Website
Re: Returning to Arch?
I'm curious. What is your situation that requires your system to need such a secure environment?
Linux itself is less likely to be compromised than at least a Windows system. Mac's might be a little more secure due to the fact that they are proprietary system.
Arch Linux is probably more secure than some of the other Linux systems especially if you stay away from the AUR packages. I haven't read how the SeLinux packages are secured from hackers.
I read the link and this seems like a lot of work to keep the system running and staying secure.
Thanks
Offline
#4 2025-04-09 14:31:32
- canihazsecurity
- Member
- Registered: 2025-04-09
- Posts: 3
Re: Returning to Arch?
https://wiki.archlinux.org/title/SELinux
I'm no expert on it, but that article has the latest.
You'll need to make use of a number of AUR packages that serve as replacements for those in the repos.
Oh, so fantastic, thank you so much.
It looks better than it did about two-three years ago when I looked into it.
I love how that wiki guides you into incrementally setting up because, well, you know, you want to understand what it is doing and how - at the very least, to make sure it works well.
One thing I was wondering - maybe someone can kindly point me to it - is how to get Firefox selinux policy - is there one available or you have to build one yourself? And how could I do that? Internet browsers are #1 priority to tighten security, so I hope there's something very nifty wiki-wise for that.
Offline
#5 2025-04-09 14:40:50
- canihazsecurity
- Member
- Registered: 2025-04-09
- Posts: 3
Re: Returning to Arch?
I'm curious. What is your situation that requires your system to need such a secure environment?
Linux itself is less likely to be compromised than at least a Windows system. Mac's might be a little more secure due to the fact that they are proprietary system.Arch Linux is probably more secure than some of the other Linux systems especially if you stay away from the AUR packages. I haven't read how the SeLinux packages are secured from hackers.
I read the link and this seems like a lot of work to keep the system running and staying secure.
Thanks
I believe we all deserve a chance at using a secure computer. It's nothing exuberant to wish for. It's a very simple aspiration.
It's not Linux that people should be concerned about, it's network-related things like internet browsers that are the weak point, I think, that need to be tighty tight.
I think we'll just have to review SELinux-related AUR packages, they should just be enabling selinux in regular packages for the most part or something, no?
SELinux is a lot of work, but it shouldn't be. It's basically 3D security added onto a 2D security of just having DAC (imagine DAC just securing your Linux in 2D on a flat board - you are safe from left, right, front or back, but you're open to attack from top or bottom...and MAC (SELinux) secures you from top and bottom). It's telling that DAC is implemented seamlessly out of the box but you gotta scratch your head to just add another similar security mechanism to Linux.
Offline
Pages: 1