Fedora Silverblue / Atomic Workstation
Scott Tankard
Fedora 29 is out today, and it includes a variant image that is Fedora Silverblue -- Fedora Workstation, but with rpm-ostree, immutable root fs, containerized apps, etc. This has many security benefits.
https://silverblue.fedoraproject.org/
Back in 2015, J Rutkowska mentioned:
> 6. Last but not least, having a meaningful intra-VM root-protecting system
> allows to us to finally provide a meaningful defense-in-depth against hypervisor
> exploits (such as the infamous XSA148).
While a Subgraph template for Qubes didn't/hasn't yet become stable, it seems to me that a Fedora Silverblue template could bring some (not all) of the same benefits. It seems like the Silverblue project is heading towards implementing a lot of Subgraph-style features into regular Fedora.
For more info on Silverblue, see:
https://www.projectatomic.io/blog/2018/02/fedora-atomic-workstation/
Jonathan Lebon: Fearless upgrades with Fedora Atomic Workstation (DevConf, Jan 28, 2018)
https://www.youtube.com/watch?v=7c3GdfhWzcc
Marek Marczykowski-Górecki
Hash: SHA256
"OS" and "apps" (and "data"?) should neatly fit into qubes templates!
I definitely need to try it out and see how to make a qubes template out
of it.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlvcX+QACgkQ24/THMrX
1yxQEgf/SXD0V+SdKEdcsSdLDFfNisRfBX06HPbsW0l+VIomULibn4ny6KIWdr7n
PbcjKdVVVm6jcRrP4w7tJUn3vMVlTwMIVyLDs2Q6AY/NLdyQ8DgTSQIEXJXHWnKS
my6+dVsVaUWs+W38dMqCYy8zsMo5JrCDROWxibne1Z+aTfGav0Fb68aBlspYomUx
24RjXmvES1x6D1PI7UFD/myWdkN0pvm6UsrEHgG+faTTT6poKb67GLKM+Z8xRsIe
rB4ni8PIY6FgRh7PsdJorlI/rRm1zJr8TiUkZjhGWFrSdUaqyUs+p7ousgJqhyur
eVQY/TcaelHvAptCzDI8qQXcWvNxrQ==
=gxW8
-----END PGP SIGNATURE-----