Arch: I need reproducible setups. Also bleeding edge is not for me.
I have to give credit to their documentation though!
What put me off SELinux is that the officially documented way of generating a new policy is to run a service unconfined, and then generate the policy from its behaviour. This is backwards on so many levels… In contrast, policy-based admission control in Kubernetes is a delight to use, and creating new policies is actually doable outside of a lab.
Using containers from public registries is no worse than using third party software. In both cases there’s a risk of malicious code. The big difference is that for containers you can scan the image before running it, SBOMs are becoming ubiquitous so dependency vulnerabilities are easier to detect, and runtime protection software is more effective on containers because each container has a deterministic expected behaviour, making it easier to find deviations. I’d much rather manage runtime controls for containers than craft SELinux policies.
The bottom line (which the OP article misses) is that while individual container configurations require more effort to set up, the additional work to manage them at scale is low, whereas compliance for host based installs is requiring more and more effort. In fact, given how popular curl | sh ... is becoming for host based installs, I’d argue that they are regressing in terms of safety and reproducibility.
Take a machine with Linux preinstalled. Will it run Linux without problems? Yeah, of course.
Take a machine with Windows preinstalled. Will it run Linux without problems? Check the list.
Many much housen.
Configure port forwarding for the VM.
Getting awfully close to raclette territory there.
Stör is German for sturgeon. And it happens to sound like a lot of other words. Stör Wars, stört your engines, etc. The admins let it run for a while and then put a ban on Stör memes, so everything quieted down. Until this week, when c/risa got the Morn/Gorn/Rom bug.
“Drink verification can…”
In that case gpaste (if you use Gnome). Before that parcellite was my preference, but around the transition to Wayland things broke for me.
Selection buffer.
Unless you mean clipboard manager, in which case it’ll depend on your desktop environment.
Consistency with their previous default desktop environment, Unity.