Have you learned how to configure IPTABLES or Apparmor directly?

This is incorrect. Chromium is available in a number of different formats on Fedora, and if installed will work just like you would expect a browser to work. SELinux is RBAC (Role Based Access Control) and MAC (Mandatory Access Control); it is not a container. In simple terms it prevents an app or user from doing things it should not be allowed to do. In 2021 the policy is very polished and I rarely get any alerts, and for that you have a number of command line tools and some very useful GUI tools.

Firejail is a good tool, simple, easy to configure and use.


I am using a desktop. Not a laptop. So you can understand it's not portable. Although not impossible, it's extremely unlikely that it will get stolen.

In my country the resale value of a desktop is pathetic which makes it even more unlikely.
While one of my relatives went out of the city for a vacation, some thieves broke into their apartment. They didn’t steal any of their electronic items like TVs, Blu-ray players, desktop, etc. The thieves stole only jewellery.

Useful information. I realize this is a difficult question to answer, but why do you think the Arch team didn’t bother to implement SELinux? I am just not confident enough to configure it from scratch.

Once again, how much effort does it take to encrypt it versus how much effort it would take to unravel the complete nightmare of having all your user accounts and passwords exposed? Guess it depends on your digital presence and usage. I recommend encrypting on any device; the performance overhead is minimal, most installers do it seamlessly, and the protection for your data at rest is very difficult to break.

I would never recommend trying to configure it from scratch. On Arch use Apparmor.

Why they did not seek to implement it? I know some of it was performance based at the time, or at least that was the official commentary, in reality it was probably lack of resources, i.e. manpower, and motivation. As a community project with no corporate backing Arch is in a different spot than Fedora.


The only thing that stops me from using disk encryption is fear of loss of data. I keep a separate /home partition. I also have a separate spinning HDD which also has a separate mount point. In case I need to reinstall my distro I can do it without loss of data. Will I be able to do this if I use disk encryption? I do back up my data to an external drive every Sunday, but if the OS breaks in the middle of the week I will lose some data.

Using LUKS software encryption is very safe. Could you lose your data? Yes, easy to do without a backup, but you have that. Do not use SED (Self Encrypting Device) capabilities baked into many SSDs; they are mostly untrustworthy since the algorithm is closed source, and they can get bricked. In fact I have an old OCZ Vertex sitting in my closet collecting dust because of this. Also don’t forget your password, but since you have to enter it anytime you boot, that is not a likely occurrence.

Understood. What’s your opinion about using VeraCrypt (containers)? I know it's not comparable to filesystem encryption but still. I just mentioned that I back up my data to an external drive; I have encrypted the entire drive using VeraCrypt. Note: I am not using a container. The entire drive is encrypted.

I used that command you gave me but it lists both iptables & nftables so I am still not sure which one is in use.
https://paste2.org/eyv4GIYM

I think the best path forward at this point is to install iptables-nft. When you do, it will automatically remove iptables. If you do, then you will definitely be using nftables but any software that relies on iptables should continue to work.

I suspect that eventually iptables will get removed and replaced with iptables-nft for everyone.
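
A way to settle the "which one is in use" question from this thread after switching to iptables-nft, as an added example that is not part of the original posts. It relies on iptables 1.8+ appending `(nf_tables)` or `(legacy)` to its `--version` output; the function names are illustrative, and `iptables-legacy-save` is only queried where the distribution ships it.

```shell
#!/bin/sh
# Added example (not from the thread): report which backend the installed
# iptables front end drives and whether rules remain in the legacy backend.
# Run as root so the rule dump is readable.

# classify_backend VERSION_STRING -> prints nf_tables | legacy | unknown
# iptables 1.8+ prints e.g. "iptables v1.8.7 (nf_tables)".
classify_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # pre-1.8 builds carry no suffix
    esac
}

# count_rules: reads iptables-save style text on stdin and prints the
# number of appended rules ("-A ..." lines); prints 0 when there are none.
count_rules() {
    grep -c '^-A ' || true
}

report() {
    if ! command -v iptables >/dev/null 2>&1; then
        echo "iptables: not installed"
        return 0
    fi
    backend=$(classify_backend "$(iptables --version 2>/dev/null)")
    echo "iptables front end uses: $backend"
    # Rules loaded through the legacy backend stay active in the kernel even
    # after the front end is switched, so check for leftovers there too.
    if command -v iptables-legacy-save >/dev/null 2>&1; then
        n=$(iptables-legacy-save 2>/dev/null | count_rules)
        echo "rules still loaded in legacy backend: $n"
    fi
}

report
```

A non-zero legacy rule count alongside an `nf_tables` front end means two rule sets are being evaluated, which is worth cleaning up before relying on either.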