What is the plan to secure the installed apps? E.g. preventing my music app from sending all my photos to the internet.
Is there a plan to use something like firejail or apparmor?
Or will purism use their appstore in combination with flatpak? Who would verify the flatpaks?
Is the main goal to have something like on Android where you can grant/decline permissions for each app individually?
The number 1 thing is free and open source apps. If the app itself doesn’t want to compromise your data, you don’t have to rely on a sandbox keeping it from doing so.
Absolutely. Defence in depth is a good thing. That applies on a desktop too, of course. My point is simply that there’s no reason to worry more about it on a phone than on a desktop or laptop. About the only significant security difference is that a phone is easier to steal, and is more likely to be left unattended for someone to try to do bad things with it in place. Firejail and the like don’t hugely help with that. Also, firejail can pose security problems for things run not inside a firejail sandbox (the assumption is that the users who can run firejail are trusted).
Purism is focused on using Flatpaks for their apps for PureOS/Librem 5. A “Flatpak (formerly xdg-app) is software that is advertised as having a sandbox environment in which users can run application software in isolation from the rest of the system. Applications using Flatpak need permissions to have access to Bluetooth, sound (with PulseAudio), network, files, etc., permissions that are defined by the maintainer of the Flatpak and can be controlled (added or removed) by users on their system.” That, along with AppArmor, which “(“Application Armor”) is a Linux kernel security module that allows the system administrator to restrict programs’ capabilities with per-program profiles.” This already starts to give you a good idea of where some of the security is within the OS.
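The post above describes the Flatpak permission model in the abstract. As an added example (not code from the thread, Purism or the Flatpak project), the script below reads the `[Context]` section of a Flatpak `metadata` file, which is where the maintainer's declared permissions live, and flags the grants that matter most for the "music app sends my photos to the internet" scenario: network access, home or host filesystem access, and an unrestricted session bus. The app id `org.example.MusicPlayer` and the manifest contents in `flatpak_demo` are constructed for the demonstration; on a real system the file is found under the app's install directory (for example `~/.local/share/flatpak/app/<id>/current/active/metadata`).

```shell
#!/bin/sh
# Added example: audit the [Context] permissions declared in a Flatpak metadata
# file. The key-file layout (shared=, sockets=, filesystems=, ';'-separated) is
# the real Flatpak format; the sample app below is constructed, not a real app.

# Print the value of one key from the [Context] section of a metadata file.
# Usage: flatpak_context_value <metadata-file> <key>
flatpak_context_value() {
    awk -v key="$2" '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track the current section
        in_ctx && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# Report broad grants that let an app read user data and ship it off-device.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
# Usage: flatpak_audit <metadata-file>
flatpak_audit() {
    file="$1"
    findings=0
    shared=$(flatpak_context_value "$file" shared)
    filesystems=$(flatpak_context_value "$file" filesystems)
    sockets=$(flatpak_context_value "$file" sockets)

    # Wrapping the list in ';' lets a simple glob match whole entries only.
    case ";$shared;" in
        *";network;"*) echo "network: app can reach the internet"; findings=1 ;;
    esac
    case ";$filesystems;" in
        *";home;"*|*";home:"*)
            echo "filesystems: access to the whole home directory (photos, documents, ...)"
            findings=1 ;;
    esac
    case ";$filesystems;" in
        *";host;"*|*";host:"*)
            echo "filesystems: access to the whole host filesystem"
            findings=1 ;;
    esac
    case ";$sockets;" in
        *";session-bus;"*)
            echo "sockets: unrestricted session D-Bus (can talk to any desktop service)"
            findings=1 ;;
    esac
    return $findings
}

# Constructed sample: a music player whose manifest asks for network access
# plus the full home directory, exactly the combination the question worries about.
flatpak_demo() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
[Application]
name=org.example.MusicPlayer
runtime=org.gnome.Platform/aarch64/3.34
command=musicplayer

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=home;xdg-run/pipewire-0;
EOF
    flatpak_audit "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}

flatpak_demo || :
```

Running it prints the two findings for the constructed app (network plus home). The user-side remedy the post alludes to is an override; for this constructed app id that would be `flatpak override --user --nofilesystem=home org.example.MusicPlayer`, which removes the home grant while leaving the maintainer's manifest untouched, and `flatpak info --show-permissions <id>` shows the effective permissions without reading the metadata file by hand.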
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Fri 2020-01-03 10:55:42 EST; 3s ago
└─ ConditionSecurity=apparmor was not met
Docs: man:apparmor(7) https://gitlab.com/apparmor/apparmor/wikis/home/
Jan 03 07:51:22 pietro systemd[1]: Condition check resulted in Load AppArmor profiles being skipped.
Jan 03 10:55:42 pietro systemd[1]: Condition check resulted in Load AppArmor profiles being skipped.
Looks like the kernel is missing the cmdline option security=apparmor
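The status output above says the unit was skipped because `ConditionSecurity=apparmor` was not met. As an added example (not from the thread), the script below reproduces that check in a form you can run or script around: systemd's condition reads the kernel's `/sys/module/apparmor/parameters/enabled` flag, so the function tests that flag first and, when it is not `Y`, looks at `/proc/cmdline` to say whether `security=apparmor` was ever passed. Both paths are parameters so the function can be exercised against constructed files; the defaults assume a stock Linux kernel that exports those two interfaces.

```shell
#!/bin/sh
# Added example: diagnose why apparmor.service reports
# "ConditionSecurity=apparmor was not met". Assumes the standard kernel
# interfaces; the file paths are parameters so the logic is testable offline.

# Usage: apparmor_status [enabled-file] [cmdline-file]
# Prints a one-line diagnosis; returns 0 only when AppArmor is enabled.
apparmor_status() {
    enabled_file="${1:-/sys/module/apparmor/parameters/enabled}"
    cmdline_file="${2:-/proc/cmdline}"

    # 1. No parameter file at all: the module is not built into this kernel,
    #    so no command-line option will help.
    if [ ! -r "$enabled_file" ]; then
        echo "apparmor: not built into this kernel"
        return 1
    fi

    # 2. This is the flag systemd's ConditionSecurity=apparmor consults;
    #    'Y' means the LSM is active and profiles can be loaded.
    if [ "$(cat "$enabled_file")" = "Y" ]; then
        echo "apparmor: enabled"
        return 0
    fi

    # 3. Compiled in but disabled: say whether the boot option is present,
    #    since the usual fix is adding security=apparmor to the kernel cmdline.
    case " $(cat "$cmdline_file" 2>/dev/null) " in
        *" security=apparmor "*)
            echo "apparmor: security=apparmor is set but the module reports disabled"
            ;;
        *)
            echo "apparmor: compiled in but not selected; add security=apparmor to the kernel command line"
            ;;
    esac
    return 1
}

# Stand-alone use: diagnose the running system. The "|| :" keeps a negative
# result from aborting a caller that sourced this file under "set -e".
apparmor_status || :
```

On the machine in the post this prints the "compiled in but not selected" line, which matches the conclusion drawn above; after the kernel is booted with `security=apparmor` the same call reports "enabled" and `apparmor.service` stops being skipped.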
Linux defaults to pretty much not listening on any ports. If you need to listen on ports, but only for certain IPs, or block outgoing traffic, the built-in firewall is excellent. There are numerous frontends for it. I use fail2ban, which can detect bad actors via logfiles, and ban them from any connection.
The current tendency is to move to netfilter from iptables so try instead
nft -j list ruleset
that wouldn’t work with fail2ban obviously (one of the reasons I’ve stopped using it).
I was told in the Matrix chat room that there will be no firewall by default (as there are no open and listening ports by default) but that installing ufw or anything with a GUI would easily be possible.
Probably the Librem 5 will not have open ports by default, but some apps could, and for a security- and privacy-minded smartphone I think a firewall by default is pretty mandatory; I hope someone will adapt gufw for it.
Yes, I even did that. But after certain update it stopped working so I just trashed that out after analyzing logs and seeing it actually didn’t provide much improvement, merely suppressed app logs (nginx and postfix).