From Fedora Project Wiki

Revision as of 10:10, 29 September 2023 by Siosm (talk | contribs)

Confined Users Special Interest Group (SIG)

SIG to co-ordinate efforts related confined users in Fedora. A confined user is a user that does not have privileged and can not become root on the system via sudo or other means.

Scope

This regroups using or testing SELinux's user confinement in Fedora in order to improve SELinux policies to increase security and user experience (including for default Fedoras without user confinement).

One way to confine a user on Fedora is to use SELinux unprivileged user and role user_u and user_r instead of the default unconfined_u and unconfined_r. Another way is to remove all SUID root binaries on the system.

The SIG aims to make the "confined user" capability as smooth as the Fedora default without confinement so that confinement becomes usable by average users. Additionally, the SIG aims to propagate the possibility/capability about user confinement but also about the possibility to easily contribute to that. This SIG is for all kinds of security enthusiasts, from beginners to SELinux experts.

Getting Involved

If you want to get involved then that's awesome! Membership is currently ephemeral and defined by participation - there's no sign-up page or list. So, how to "join"? Get involved!

You can review the discourse topic (especially the opening post and this one) and say "Hi" in the topic.

Issue Tracker and Discussion

For any kind of help about user confinement or related reports, feel free to open a ticket in our Pagure repo, or use the #confineduser tag in ask.Fedora for technical "How to get X done in Fedora Linux" questions.

Meetings

There are currently no regular meetings planned.

Chat (Matrix)

We don't have a Matrix room for now.