Mention MAC support for other recommended distributions

Here, MAC support is only mentioned for Tumbleweed and Fedora. Please consider mentioning that Arch supports AppArmor, and whether NixOS supports a MAC system.

NixOS includes AppArmor in their hardened profile: nixpkgs/nixos/modules/profiles/hardened.nix at 08d4eb0924a7bcb352c717cd310075d906924c4d · NixOS/nixpkgs · GitHub


It’s worth noting that on Arch and NixOS, AppArmor is opt-in, requiring the user to explicitly install it. Fedora and Tumbleweed include their MACs by default. I believe this is why only they are mentioned in that section.


Everything about Arch is opt-in.

Any good guide / scripts to set this up?

There’s Archinstall to set up Arch, but why would you use Arch if you aren’t comfortable with a DIY distro? If you want stuff already set up for you, use Fedora.

I like AUR. Prob not a great look for security haha. + cutting edge

Yeah, why not just use flatpaks? Tons of programs use them now.

There’s nothing wrong with the AUR as long as you read the files provided by the package and verify that the source URLs are correct. It’s probably overall way more trustworthy than the snap store, considering the scams happening over there.

Wastes a lot of space, and also there’s the issue of it not working with usual AppArmor profiles, unless specifically written to confine the flatpak version of the app.

What scams? Is Flatpak the better option still? (Considering even Fedora provides some apps in Flatpak from the official repo.)

Snap is less bloaty than Flatpak? IIRC you can stack snaps?

Space isn’t an issue on modern hard drives, and properly configured flatpaks should already be confined.

Here’s a video

Personally, I really dislike snaps. Flatpaks are better, but I still prefer native packages.

Yes it is.

Defense in depth?

Sure, but it’s not likely that there are AppArmor profiles for AUR apps, right?

There are, yes.