I’m currently on Fedora Workstation and I plan to move into Silverblue, but I came across this topic. Upon further inspecting the project, I became interested in it especially knowing it uses some features from the GrapheneOS project.
However, there are certain applications that I need to use (i.e. Krita, Inkscape, Cryptomator, etc.) that need Xwayland to fully work. Would I still get any benefits with regard to security on Secureblue if I enable Xwayland? Like how bad is it when using apps with no native Wayland support? I apologize @RoyalOughtness if you’ve seen these questions multiple times before, I don’t have a Discord nor a GitHub account.
Would I still get any benefits with regard to security on Secureblue if I enable Xwayland?
Yes, the main drawback is that all xwayland apps can snoop on each other, since they’re all running in the same xwayland session.
So you’re best off gradually reducing your use of xwayland-dependent apps, which becomes easier by the day as apps move to wayland. GIMP 3 RC (which is on flathub beta) for example is wayland now.
I’m fairly new to Linux (1 year) and the only thing I know about Wayland is to use a distro that ships with it by default. So I’ll be reviewing all of my apps then and try to keep the important ones.
I do also use GIMP, but there are some features that aren’t available compared to Krita and Inkscape.
Anyway thank you for your time answering @RoyalOughtness, I appreciate you and your team for your hard work and dedication! Would definitely support this project and share it to my friends! (especially the ones running on Silverblue.)
One more last question @RoyalOughtness, does using Virtual Machines increase security if I instead use my XWayland apps there? If I also containerize using VMs per app type i.e. Electron apps, AppImages or even Distroboxes, does that mitigate anything? Would running a VM for light gaming also be beneficial?
I know this setup requires a ton of RAM but still I am curious if it has any significance?