Fedora 34 intends to remove SELinux disablement and migrate to KDE from Wayland

Darkcrizt

4 minutes

Work inside Fedora does not stop and it is that the developers have given what they talk about again and this time it is not about the next version of Fedora 33 but that they are also already focused on Fedora 34.

And it is that recently on the mailing lists Various discussions have started to emerge about various proposed changes to this version of the distribution. One of the proposed changes is the removal of support for disabling the SELinux runtime.

Wherein for the Fedora 34 implementation, a change is described to remove the ability to disable SELinux at runtime.

While the ability to switch between enforcing and permissive modes will be preserved during startup. After SELinux initialization, LSM drivers will be placed in read-only mode, which improves protection against attacks aimed at disabling SELinux after exploiting vulnerabilities that could change the contents of kernel memory.

To disable SELinux, just reboot the system with the parameter "selinux = 0" on the kernel command line.

In addition to that it is mentioned that deactivation will not be supported changing the configuration of / etc / selinux / config (SELINUX = disabled). Previously, support for downloading the SELinux module was deprecated in the Linux 5.6 kernel.

Support for disabling the SELinux runtime via »/ etc / selinux / config» was originally developed to make it easier for Linux distributions to support architectures where adding parameters to the kernel command was difficult.

Unfortunately, supporting runtime disabling meant we had to do some security tradeoffs when it comes to kernel LSM hooks.

Marking kernel LSM hooks as read-only provides some security benefits, but means that we can no longer disable SELinux at runtime.

Another change that has been mentioned within the mailing lists for Fedora 34, is that proposes to change the default builds with the KDE desktop to use Wayland by default, whereby the X11 session is expected to be an option.

Currently, the KDE work on top of Wayland is experimental, but in KDE Plasma 5.20 this mode of operation will be equipped in functionality with the operation mode on top of X11.

==== Is Wayland ready? ====
Wayland has been used by default for Fedora Workstation since Fedora 25. And while it was initially somewhat immature, today it is a very solid experience in just about everything.

On the KDE side, serious work to support Wayland started shortly after GNOME switched to Wayland by default. Unlike GNOME, KDE has a much broader set of tools, and it has taken longer to reach a usable state. With Plasma version 5.20, the Wayland protocol for
screencasting and middle button pasting are finally supported,
completing the required set of functions to switch to Wayland
default.

The inclusion of the session KDE 5.20 based on Wayland will address screencast and center click issues. The kwin-wayland-nvidia package will be used to function when using proprietary NVIDIA drivers. X11 support will be provided through the XWayland component.

As argument against keep default session based on X11, X11 server stall is mentioned, which has pretty much stopped development in recent years and only fixes for dangerous bugs and vulnerabilities in the code.

==== What about NVIDIA? ====
Plasma, in fact, "yes" is compatible with NVIDIA GPUs with the proprietary Wayland driver. It must be activated manually, which will be served by the kwin-wayland-nvidia package. So the expectation is that all major GPUs work fine.

Moving the default build to Wayland will stimulate more development activity related to the support of new graphical technologies in KDE, as development was in due course reflected in the transfer of the GNOME session on Fedora 25 to Wayland.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Oscar Reyes Guerrero by Elizondo said
    ago 4 years

    Fedora is today the best Linux distribution in the world….

    Reply to Oscar Reyes Guerrero from Elizondo
  2.   anonymity said
    ago 4 years

    I think that for those who do online exams or content creators, who must share the desktop, it will be a big mistake to leave a large majority of the desktop to Wayland's fate.
    Wayland does not work with any screen capture, remote desktop or desktop sharing applications. Whenever we use Linux for these things, the first thing we do after installing the system, always, is nothing more than deactivating Wayland.
    To those who examine Cloudera I told them after a while of my exam, because I remember when I had to go quickly to another Windows computer because mine was using Fedora 29 with Wayland and I did not have time in the exam to configure itself to X11. For another I would try it with Fedora, I think 33 or 34, but with X11.

    I hope X11 can be used at least, because if not I could lose users.

    Reply to anonteision