Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.
Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Largely the same stuff, but modify a few recommendations and add a
couple of other ones. See CHANGELOG.md for complete details.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
- Use ESSENTIAL/NICE/PARANOID instead of CRITICAL/MODERATE/LOW/PARANOID
- Use GrSecurity/PaX uniformly
- Add a note on weak passphrases
- The browser you run in a VM does not have to be Chrome/Chromium
- Add a section on hibernating vs. suspending