Secureblue's Profile

Secureblue's Projects

secureblue/pam-authramp

The AuthRamp PAM (Pluggable Authentication Modules) module provides an account lockout mechanism based on the number of authentication failures. It calculates a dynamic delay for subsequent authentication attempts, increasing the delay with each failure to mitigate brute-force attacks.
  • Fedora 39 : x86_64

secureblue/bubblewrap-suid

📦 bubblewrap-suid

This repository contains the .spec file for bundling a setuid variant of Bubblewrap as an RPM.

ONLY USE IF YOU HAVE user.max_user_namespaces = 0 and kernel.unprivileged_userns_clone = 0 set.

CI

Currently the Bubblewrap releases are tracked manually. The goal for this repository is for it to track them automatically.

Install

Get the COPR .repo file:

    curl -s https://copr.fedorainfracloud.org/coprs/secureblue/bubblewrap-suid/repo/fedora-39/secureblue-bubblewrap-suid-fedora-39.repo | sudo tee /etc/yum.repos.d/secureblue-bubblewrap-suid-fedora-39.repo

Override the bubblewrap (without suid) package:

    sudo rpm-ostree override replace --experimental --freeze --from repo='copr:copr.fedorainfracloud.org:secureblue:bubblewrap-suid' bubblewrap-suid

Develop

Build locally

This has to be done on an RPM-based Linux distribution and is tested on a Fedora Silverblue 39 VM.

Install the required RPM build tools and dependencies:

    rpm-ostree install -y rpmdevtools rpmlint docbook-style-xsl meson libcap-devel libselinux-devel gcc

Create the required file tree:

    rpmdev-setuptree

Clone this repo and cd into it:

    git clone https://github.com/34N0/bubblewrap-suid-rpm && cd bubblewrap-suid-rpm

Download the bubblewrap source:

    spectool -g -R bubblewrap-suid.spec

Build the RPM from the spec:

    rpmbuild -ba bubblewrap-suid.spec

Test locally

Cd into the RPM folder:

    cd ~/rpmbuild/RPMS/x86_64

Override the bubblewrap package:

    rpm-ostree override replace bubblewrap-suid-<version>.fc39.x86_64.rpm

Disabling unprivileged user namespaces

Edit the sysctl config:

    sudo nano /etc/sysctl.d/99-sysctl.conf

Add the following lines:

    user.max_user_namespaces = 0
    kernel.unprivileged_userns_clone = 0

Load the parameters:

    sudo sysctl --system

Reboot the VM!

Issues & Contributions

Feel free to open issues or pull requests for improvements and bug fixes. 😄 Be mindful that this repository is simply the Bubblewrap project with the SUID bit set.
  • Fedora 38 : x86_64
  • Fedora 39 : x86_64

secureblue/hardened_malloc

This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class.
  • Fedora 38 : aarch64, x86_64
  • Fedora 39 : aarch64, x86_64
  • Fedora 40 : aarch64, x86_64

secureblue/bubblejail

Bubblewrap based sandboxing for desktop applications. https://github.com/igo95862/bubblejail
  • Fedora 38 : aarch64, x86_64
  • Fedora 39 : aarch64, x86_64
  • Fedora 40 : aarch64, x86_64