diff --git a/RECOMMENDED.md b/RECOMMENDED.md index b7636a3..37cc20c 100644 --- a/RECOMMENDED.md +++ b/RECOMMENDED.md @@ -1 +1 @@ -GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended. A secondary reason is GNOME's superior [USBGuard integration](https://wiki.archlinux.org/title/USBGuard#GNOME_integration) \ No newline at end of file +GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended. \ No newline at end of file diff --git a/files/system/usr/share/ublue-os/just/60-custom.just b/files/system/usr/share/ublue-os/just/60-custom.just index 0b4daa6..e3077d2 100644 --- a/files/system/usr/share/ublue-os/just/60-custom.just +++ b/files/system/usr/share/ublue-os/just/60-custom.just @@ -160,13 +160,8 @@ setup-usbguard: sudo chmod 755 /etc/usbguard sudo sh -c 'usbguard generate-policy > /etc/usbguard/rules.conf' sudo systemctl enable --now usbguard.service - sudo systemctl enable --now usbguard-dbus.service sudo usbguard add-user $(whoami) systemctl enable --user --now usbguard-notifier.service - if command -v gsettings &> /dev/null; then - gsettings set org.gnome.desktop.privacy usb-protection-level always - gsettings set org.gnome.desktop.privacy usb-protection true - fi # Rerun Yafti rerun-yafti: diff --git a/recipes/common/common-packages.yml b/recipes/common/common-packages.yml index b3050cd..74eb141 100644 --- a/recipes/common/common-packages.yml +++ b/recipes/common/common-packages.yml @@ -3,7 +3,6 @@ repos: - https://copr.fedorainfracloud.org/coprs/secureblue/hardened_malloc/repo/fedora-%OS_VERSION%/secureblue-hardened_malloc-fedora-%OS_VERSION%.repo install: - hardened_malloc - - usbguard-dbus