[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding a section about security in the guix manual

From: Ricardo Wurmus
Subject: Re: Adding a section about security in the guix manual
Date: Fri, 11 Jan 2019 06:04:44 +0100
User-agent: mu4e 1.0; emacs 26.1

Leo Famulari <address@hidden> writes:

> On Wed, Jan 09, 2019 at 09:52:53AM -0500, Joshua Branson wrote:
>> Perhaps I would put it right after GNU Distribution > System
>> Configuration.  Perhaps I would call that section "Hardening
>> Recommendations".   Some of the things that I want to include are strong
>> passwords, encrypted drives, MAC, kernel hardening (which we currently
>> don't have a linux-libre-hardened do we?), sandboxing applications,
>> firewalls, and physical security.  I may not be able to complete this
>> project swiftly, but I do intend to put it on my TODO list.
> I think the manual should include things that are specific to Guix, or
> that explain how to do generic things (like encrypted storage) in a
> Guix-y way. There are a lot of ways the manual (and GuixSD itself) could
> be improved in this regard.
> I'm less enthusiastic about including things that are basically
> universal concerns, like password strength or physical security.

I agree.

I’d also like to add that a section on MAC via SELinux would be
challenging to write because one would probably first need to develop
a few system services to better support SELinux.

The same goes for hardening, which would need probably require build
system support.

Sandboxing, on the other hand, could get a section already, as this is
made simpler with “guix environment --container” or “guix container”.

Let’s aim for something slightly less ambitious and add sections on
features that already exist.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]