elaborate todo about securing programs
This commit is contained in:
3
TODO.md
3
TODO.md
@@ -34,6 +34,9 @@
|
|||||||
- have `sane.programs` be wrapped such that they run in a cgroup?
|
- have `sane.programs` be wrapped such that they run in a cgroup?
|
||||||
- at least, only give them access to the portion of the fs they *need*.
|
- at least, only give them access to the portion of the fs they *need*.
|
||||||
- Android takes approach of giving each app its own user: could hack that in here.
|
- Android takes approach of giving each app its own user: could hack that in here.
|
||||||
|
- flatpak does this, somehow
|
||||||
|
- apparmor? SElinux? (desktop) "portals"?
|
||||||
|
- see Spectrum OS; Alyssa Ross; etc
|
||||||
- canaries for important services
|
- canaries for important services
|
||||||
- e.g. daily email checks; daily backup checks
|
- e.g. daily email checks; daily backup checks
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user