Confined Users Special Interest Group (SIG)
SIG to co-ordinate efforts related confined users in Fedora. A confined user is a user that does not have privileged and can not become root on the system via sudo or other direct means.
Scope
This regroups using or testing SELinux's user confinement in Fedora in order to improve SELinux policies to increase security and user experience (including for default Fedoras without user confinement).
One way to confine a user on Fedora is to use SELinux unprivileged user and role user_u
and user_r
instead of the default unconfined_u
and unconfined_r
. Another way is to remove all SUID root
binaries on the system.
The SIG aims to make the "confined user" capability as smooth as the Fedora default without confinement so that confinement becomes usable by average users. Additionally, the SIG aims to propagate the possibility/capability about user confinement but also about the possibility to easily contribute to that. This SIG is for all kinds of security enthusiasts, from beginners to SELinux experts.
Getting Involved
If you want to get involved then that's awesome! Membership is currently ephemeral and defined by participation - there's no sign-up page or list. So, how to "join"? Get involved!
You can review the discourse topic (especially the opening post and this one) and say "Hi" in the topic.
Issue Tracker and Discussion
For any kind of help about user confinement or related reports, feel free to open a ticket in our Pagure repo, or use the #confineduser
tag in ask.Fedora for technical "How to get X done in Fedora Linux" questions.
Meetings
There are currently no regular meetings planned.
Chat (Matrix)
We don't have a Matrix room for now.