Qubes OS: A reasonably secure operating system
www.qubes-os.org
Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digital life.

With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?

Flatpacking is great but not all applications support it.

Is it too much of a hassle?

  • FineCoatMummy@sh.itjust.worksEnglish
    4·
    1 day ago

    +1. May I add a few other help gizmos to that list?

    • firejail. Super easy one off sandboxing. I have a bunch of aliases like “firejail --some-params – some-command-i-wanna-sandbox”.
    • lxc. Middle weight sandboxing. Easy to get a console into it and have a whole OS env, which is nice sometimes. Much lighter than a KVM sandbox. But not quite as secure since it uses the same kernel. Super great to control network config for an app or group of similar apps. And easy to put a several related things into it that you wanna use all together. You can even use a separate VPN in each one.