[FEAT] ujust dangerzone #1523
Description
Benefit
Hello,
I just tried installing dangerzone (https://github.com/freedomofpress/dangerzone) on secureblue. On running dangerzone, it displays 'Podman is installed but cannot run properly', presumably because of SELinux:
`type=AVC msg=audit(1761598897.072:690): avc: denied { create } for pid=6405 comm="podman" scontext=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 tclass=user_namespace permissive=0`
This is where my knowledge ends, and I assumed I had best not try to 'fix' this by trying things with SELinux without a deep knowledge of it, because of the great potential for doing something that would undermine the whole point of using secureblue, hence this 'issue'.
Apologies if this doesn't belong here, and perhaps it would be assumed common knowledge how to adapt SELinux policy to trust dangerzone, but I really don't have that knowledge and don't want to fiddle with something that important.
Could it be an idea to create a ujust script that installs dangerzone on secureblue, and perhaps applies the necessary SELinux policies? If there even is a benefit from a security standpoint to use dangerzone on secureblue?
Thanks
Solution
Dangerzone working on secureblue
Alternatives
/
Declaration
- I agree to follow this project's Code of Conduct.
- I declare that this is not a request for alternate community messaging or social platforms.
- I declare that I have read the secureblue website and my feature request is in-scope.