Fedora Linux Support Community & Resources Center
  #1  
Old 18th May 2017, 10:22 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxfedorafirefox
Suggestion to add grsecurety & firejail to Fedora

Hi.

I would like here to suggest on developers team of Fedora 2 things, in the aim to make Fedora more stronger:

1) why Fedora (& Redhat in general) omit grsecurity ?? Even Redhat not include it in Redhat Linux enterprise !! Currently Linux has only one REAL enemy that can destroy it, named rootkit. We can protect Linux from rootkit by grsecurity. grsecurity elevate Linux for highest sky. And as long Fedora currently is supersecure ditro. why it not including grsecurity ??

I installed Alpine Linux on my experimental laptop & it was promising. But unfortunately it is less suitable for non-server users like me: many packages not included .... It is excellent for servers .....
www.alpinelinux.org

What prevent Fedora from including grsecurity by default ? Fedora my knowledge I got that chief side effect of grsecurity is it's interference with closed source VGA drivers, but Fedora not use them by default & in fact dislike such drivers .....

2) firejail not including in fedora repositories nor in rpmfusion repositories !! Why ? It is powerful security tool compatible with SELinux ......

Let we imagining: Fedora with SELinux + grsecurity + firejail !!! Then what it will be ?? It will be Fedora Sofia Lorine or Marlin Monrow
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #2  
Old 19th May 2017, 07:53 AM
antikythera Offline
Administrator
 
Join Date: Dec 2013
Location: United Kingdom
Posts: 4,044
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

completely the wrong place to make those suggestions. this forum is not officially connected to fedora project and the section you've posted in is only for forum feedback.

The COPR version maintainers may have already tried submitting these packages for inclusion. you could make contact with them and find out.
__________________
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Reply With Quote
  #3  
Old 19th May 2017, 11:05 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxfedorafirefox
Re: Suggestion to add grsecurety & firejail to Fedora

Sorry for this mistake.

Indeed, COPR repositories add these 2 packages:

1) grsecurity:

https://copr.fedorainfracloud.org/co...yj/grsecurity/

2) firejail: (3 packages: only one succeeded !)

https://copr.fedorainfracloud.org/co...senb/firejail/

https://copr.fedorainfracloud.org/co...chew/firejail/

https://copr.fedorainfracloud.org/co...oada/firejail/

1st one of above 3 link seem to be O.K

----------------------------------

1) please your kind advice about firejail links .......

2) are these 2 packages possible to be on Fedora official repositories or RPMFusion repositories ?

3) it will be better if grsecurity included by default in kernel of official Fedora, isn't it ?
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #4  
Old 19th May 2017, 11:35 AM
antikythera Offline
Administrator
 
Join Date: Dec 2013
Location: United Kingdom
Posts: 4,044
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

I have no experience with any of these packages so can't advise which of the 3 firejail builds is good to use.

Again, regarding inclusion of the packages you will have to ask the people who built them for COPR what they have done about this if anything.

In my view, not an official stance as I'm nothing to do with Fedora package selection - firejail is more likely to be accepted than grsecurity because of the paid commercial support grsecurity developers want business users to purchase on their website. so while the code of both applications is offered via different levels of GPL license it is debatable whether grsecurity meets Fedora's inclusion policy anyway. RPMFusion nonfree would be more suitable for grsecurity
__________________
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Reply With Quote
  #5  
Old 19th May 2017, 05:05 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxsafari
Re: Suggestion to add grsecurety & firejail to Fedora

grsecurity is the ultimate security solution for OS. I'm wondering that it's use will be smoth if not included in kernel by default. I'm not sure. What will happen if I installed grsecurity, say, from RPMFusion repository in future then received knew kernel ? Does grsecurity will integrated with new kernel ?
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #6  
Old 19th May 2017, 07:36 PM
antikythera Offline
Administrator
 
Join Date: Dec 2013
Location: United Kingdom
Posts: 4,044
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

Quote:
Originally Posted by User808 View Post
grsecurity is the ultimate security solution for OS. I'm wondering that it's use will be smoth if not included in kernel by default. I'm not sure. What will happen if I installed grsecurity, say, from RPMFusion repository in future then received knew kernel ? Does grsecurity will integrated with new kernel ?
that depends if it can support such an upgrade by use of dkms. if it can and you have installed dkms then it should be fine.
__________________
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Reply With Quote
  #7  
Old 19th May 2017, 10:44 PM
nonamedotc Offline
Mithrandir
 
Join Date: Mar 2011
Location: /
Posts: 4,950
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

Just so you know - grsecurity patches, moving forward, will not be publicly available. It will be available only to their paying customers.

So, even if you use the COPR, once the kernel is updated, GRSecurity is out ...
__________________
Fedora 24 x86_64 XFCE - Sager | Intel Core i7 - 4810 MQ | NVIDIA GeForce GTX 860M | 16 GB RAM | 480 GB ADATA SSD |
CentOS 7.2.1511 x86_64 Server - Thinkpad T520 | Intel Core i7 - 2630 QM | NVIDIA NVS 4200M | 16 GB RAM | 500 GB 7200 RPM HDD |


The Linux Documentation Project | Fedora Documentation
Reply With Quote
  #8  
Old 19th May 2017, 10:57 PM
bob Offline
Administrator (yeah, back again)
 
Join Date: Jul 2004
Location: Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
Age: 71
Posts: 23,104
linuxfedorafirefox
Re: Suggestion to add grsecurety & firejail to Fedora

Well, let's at least move this over to Using Fedora, where the discussion can continue.
__________________
Linux & Beer - That TOTALLY Computes!
Registered Linux User #362651


Don't use any of my solutions on working computers or near small children.
Reply With Quote
  #9  
Old 19th May 2017, 11:01 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxsafari
Re: Suggestion to add grsecurety & firejail to Fedora

Quote:
Originally Posted by nonamedotc View Post
Just so you know - grsecurity patches, moving forward, will not be publicly available. It will be available only to their paying customers.

So, even if you use the COPR, once the kernel is updated, GRSecurity is out ...
How Alpine Linux work if grsecurity as you explained !
I understand support is paid but I do not understand further ...... .
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #10  
Old 20th May 2017, 12:38 AM
nonamedotc Offline
Mithrandir
 
Join Date: Mar 2011
Location: /
Posts: 4,950
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

I have no clue about Alpine Linux. But, regarding GRSecurity, you can see here - https://grsecurity.net/passing_the_baton_faq.php
__________________
Fedora 24 x86_64 XFCE - Sager | Intel Core i7 - 4810 MQ | NVIDIA GeForce GTX 860M | 16 GB RAM | 480 GB ADATA SSD |
CentOS 7.2.1511 x86_64 Server - Thinkpad T520 | Intel Core i7 - 2630 QM | NVIDIA NVS 4200M | 16 GB RAM | 500 GB 7200 RPM HDD |


The Linux Documentation Project | Fedora Documentation
Reply With Quote
  #11  
Old 20th May 2017, 06:41 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 535
linuxfedorafirefox
Re: Suggestion to add grsecurety & firejail to Fedora

Quote:
Originally Posted by nonamedotc View Post
I have no clue about Alpine Linux. But, regarding GRSecurity, you can see here - https://grsecurity.net/passing_the_baton_faq.php
This is recent change made just at 27 April 2017 ! A great loss for Linuxers & Mac users !
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #12  
Old 20th May 2017, 10:25 AM
Dutchy Offline
Registered User
 
Join Date: Aug 2011
Location: ~
Posts: 1,865
linuxfedorafirefox
Re: Suggestion to add grsecurety & firejail to Fedora

I've been using heikoada-firejail for a long time. One nitpick is that you need to manually set the suid bit.
Reply With Quote
  #13  
Old 20th May 2017, 11:11 AM
antikythera Offline
Administrator
 
Join Date: Dec 2013
Location: United Kingdom
Posts: 4,044
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

Quote:
Originally Posted by User808 View Post
This is recent change made just at 27 April 2017 ! A great loss for Linuxers & Mac users !
That's why I wasn't sure about grsecurity being something that could be added as a fedora package in any form.
__________________
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Reply With Quote
  #14  
Old 20th May 2017, 11:57 AM
srakitnican Offline
Registered User
 
Join Date: Oct 2011
Posts: 1,290
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

Grsecurity is not included in the kernel because developers newer bothered to submit it and as I got the impression developer doesn't necessarily wants it in the kernel.
Also, if we set commercial status aside for a second, grsecurity is most likely not suitable for inclusion to the kernel in its current state because it was not developed in a way that to reuse code for all CPU architectures etc. It works only on very targeted platforms as I've got the impression.

Firejail is in the review process: https://bugzilla.redhat.com/show_bug.cgi?id=1301286
Reply With Quote
  #15  
Old 20th May 2017, 12:38 PM
antikythera Offline
Administrator
 
Join Date: Dec 2013
Location: United Kingdom
Posts: 4,044
linuxchrome
Re: Suggestion to add grsecurety & firejail to Fedora

the review process seems to have stagnated though judging by the dates
__________________
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Reply With Quote
Reply

Tags
add, fedora, firejail, grsecurety, suggestion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
About Firejail ! User808 Security and Privacy 2 9th May 2017 04:54 PM
A suggestion to Red Hat/Fedora teams! ForProgress Linux Chat 14 19th March 2008 10:33 AM
Suggestion on fedora releases phoxis Using Fedora 10 6th January 2008 04:00 PM


Current GMT-time: 05:54 (Wednesday, 24-05-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat