scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-24 14:05:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: clarify disablement of GNOME user extensions better (#364)

Browse Source
This commit is contained in:
fiftydinar
2024-08-09 00:59:25 +02:00
committed by GitHub
parent 3fb96ece10
commit 378caba43f
3 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
FAQ.md
View File

@@ -67,10 +67,10 @@ If you still want to enable this functionality, run `ujust toggle-ghns`
Xwayland is disabled by default on GNOME, KDE Plasma, and Sway. Use `ujust toggle-xwayland` if you need it Xwayland is disabled by default on GNOME, KDE Plasma, and Sway. Use `ujust toggle-xwayland` if you need it
#### Why I can't install any GNOME user extensions? #### Why I can't install nor use any GNOME user extensions?
This is because support for installing them has been intentionally disabled in secureblue. This is because support for installing & using them has been intentionally disabled by default in secureblue.
Only system extensions are trusted, if they are installed. Only GNOME system extensions are trusted, if they are installed.
To enable support for installing GNOME user extensions, you can run ujust command: To enable support for installing GNOME user extensions, you can run ujust command:
`ujust toggle-gnome-extensions` `ujust toggle-gnome-extensions`

1
README.md
View File

@@ -44,6 +44,7 @@ The following are not in scope:
- Set opportunistic DNSSEC and DNSOverTLS for systemd-resolved - Set opportunistic DNSSEC and DNSOverTLS for systemd-resolved
- Configure chronyd to use Network Time Security (NTS) <sup>[using chrony config from GrapheneOS](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf)</sup> - Configure chronyd to use Network Time Security (NTS) <sup>[using chrony config from GrapheneOS](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf)</sup>
- Disable KDE GHNS by default <sup>[why?](https://blog.davidedmundson.co.uk/blog/kde-store-content/)</sup> - Disable KDE GHNS by default <sup>[why?](https://blog.davidedmundson.co.uk/blog/kde-store-content/)</sup>
- Disable install & usage of GNOME user extensions by default
- Use HTTPS for all rpm mirrors - Use HTTPS for all rpm mirrors
- Set all default container policies to `reject`, `signedBy`, or `sigstoreSigned` - Set all default container policies to `reject`, `signedBy`, or `sigstoreSigned`
- Remove SUID-root from [numerous binaries](https://github.com/secureblue/secureblue/blob/live/files/scripts/removesuid.sh) and replace functionality [using capabilities](https://github.com/secureblue/secureblue/blob/live/files/system/usr/bin/setcapsforunsuidbinaries) - Remove SUID-root from [numerous binaries](https://github.com/secureblue/secureblue/blob/live/files/scripts/removesuid.sh) and replace functionality [using capabilities](https://github.com/secureblue/secureblue/blob/live/files/system/usr/bin/setcapsforunsuidbinaries)

2
files/gschema-overrides/zz1-secureblue.gschema.override
View File

@@ -1,4 +1,4 @@
# Disable GNOME user extensions installation # Disable GNOME user extensions installation & usage
# Only GNOME system extensions are trusted if installed # Only GNOME system extensions are trusted if installed
[org.gnome.shell] [org.gnome.shell]