scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-02 03:18:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: add more details to recommended.md

Browse Source
This commit is contained in:
qoijjj
2024-09-30 23:51:38 -07:00
committed by GitHub
parent 99e1a8f17b
commit 3dbbf761a8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
RECOMMENDED.md
View File

@@ -1 +1,3 @@
GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended. KDE has [plans](https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7) to fix this.
Also, while the Bluefin-based images have GNOME, they can't be shipped with `hardened_malloc`. This is because they are rechunked, which exposes an [ostree memory bug](https://github.com/ostreedev/ostree/issues/3303). They instead ship with `hardened_malloc-light` to mitigate this issue. `hardened_malloc-light` is a security downgrade compared to `hardened_malloc`, and for this reason the Bluefin images can't be recommended. Stick with the listed recommended images for a maximally secure experience.