From Fedora Project Wiki

Revision as of 18:53, 15 October 2023

= Confined Users Special Interest Group (SIG) =

A SIG to coordinate efforts related to the different means of confining users and their accounts, that is, achieving secure process, data and account isolation and protection while also mitigating privilege escalation. It also aims to bring beginners and intermediate users with an interest in security together with developers and experts, so that they can contribute to the testing efforts. These efforts can be time-intensive, but much of the work (usability testing, identifying and reporting issues and unintended behavior, and so on) can be done without much prior experience. Beyond that, we also aim to develop and improve means of confinement that are still underdeveloped, which may involve more sophisticated testing as well as development, carried out by more experienced users (and those who want to become experienced).

== Scope ==

Our efforts can be split into four pillars:

At the center of the first two pillars is working with and contributing to SELinux confined users, which can achieve a precise and far-reaching isolation and protection of data, processes and user accounts within graphical desktop environments in a way that containerization technologies cannot (at least not for GUIs). Contributors of any experience level can take part in these efforts and learn a lot about Linux, SELinux, and how they behave and interact with user applications. The focus is on contributing data and reports that help improve the SELinux policies, increasing both security and user experience (which also benefits default Fedora installations without user confinement).

1. On one hand, we contribute to confinement profiles that still allow users to work with `su` and/or `sudo` (`staff_u`, `staff_r`, `sysadm_u`, `sysadm_r`), so that at the end of our efforts confinement can be enabled without changing the user experience compared to the Fedora default, while still achieving process, data and account isolation and protection within GUIs that can compete with non-GUI container environments.

2. On the other hand, we also want Fedora to work smoothly with profiles that forbid any privilege escalation through `su` and `sudo` (`user_u`, `user_r`). These are aimed at users with the highest security demands who are also willing to change their behavior and accept a different user experience to further increase security. Again, our aim is that this becomes usable by users without sophisticated experience and without much effort.

3. Beyond SELinux, we also aim to make Fedora deployable with all SUID `root` binaries removed, which is another approach to confinement. This contribution is aimed at people who already have deeper experience with Linux or want to develop such knowledge. The approach is more generic and might also benefit Linux operating systems in general, because it relies on means common to most (if not all) widespread desktop Linux distributions and does not involve SELinux. In the long term, our goal is that this means also no longer requires sophisticated experience or effort to be usable by non-experts.

4. Coordinate efforts within and among the first three pillars and exploit their synergies (including testing and deploying "mixes" of the first three pillars' approaches), develop and distribute related knowledge, and promote the possibilities and aims of the first three pillars within and beyond the community.

This SIG is for all kinds of security enthusiasts, from beginners to SELinux experts (and those who want to become experts).

== Getting Involved ==

If you want to get involved, that's awesome! Membership is currently ephemeral and defined by participation: there is no sign-up page or list. So, how do you "join"? Get involved!

You can review the Discourse topic (especially the opening post and this one) and say "Hi" in the topic.

== Issue Tracker and Discussion ==

For any kind of help with user confinement or related reports, feel free to open a ticket in our [https://pagure.io/SELinux-confined-users Pagure repo], or use the `#confineduser` tag on ask.Fedora for technical "How to get X done in Fedora Linux" questions.

== Meetings ==

There are currently no regular meetings planned.

== Chat (Matrix) ==

We don't have a Matrix room for now.