Isolation
/
Theory
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Isolation Project explained
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
30 KiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Delta503 8aa9889525
Update 'README.md' 		5 months ago
README.md Update 'README.md' 5 months ago
apps.md Update on aims 6 months ago

README.md

Isolation Project explained

Table of contents

  • Aims
  • Modes
  • Requirements
  • Technologies
  • Security
  • Supported Linux Distributions
  • Design
  • Installation
  • License
  • FAQ

Aims

Please read it carefully before proceeding

Isolation Project

Provides

  • More configuration options to clone, isolate and manage apps groups.
  • Simplified network mixing.
  • Interesting solutions for coders.
  • Interesting solutions for hackers (Warning, do not confuse hackers with security hackers also called crackers).

Doesn't provide

  • 100% absolute security ever (This QubesOS aim).
  • Server (or CLI) version (SkiffOS aim).
  • Super speed (because)
  • Advanced tools for crackers (penetration-tools etc. See Kali Linux and Black Arch Linux)

Is

  • General-purpose choice for personal computers.
  • Unique configuration and conventions that can be installed on one of supported Linux distributions.
  • Bunch of tools.
  • Always: Non-profit, free and open source project.
  • Privacy friendly
  • For people experienced somehow with Linux

Is not

  • Original operating system.
  • Independent Linux distribution.
  • Commercial, for-profit, project.
  • Designed for gaming.
  • Designed for advanced graphics/movie editing.

May be

  • More secure than traditional configuration of Linux operating system (Depending on mode you choose)
  • More portable (in theory probably even on linux phones) because containers doesn't need as much resources as virtual machines.

Who can use

People somehow experienced with Linux (more than cd and ls )

You should know all of enumerated words: kernel, bootloader, init system, container, x server/xorg, wayland, lvm, luks, loki, TOR, VPN, bridge.

Who shouldn't probably use (yet)

Normies, newbies, inexperienced, (how do you call them).

Modes

Available:

  • ...

Work in Progress:

  • Wayland Mutual Kernel (WMK) - Uses Wayland as a display server, podman and crun

Planned:

  • X Separated Kernel (XSK) - uses X as a display server, podman and kata containers

Requirements

TODO

Technologies

Containers:

  • Podman (default, because rootles mode is easier to deal with)
  • crun
  • kata containers

Containers Management

  • Dedicated tools: GUI update tool, general management (TODO)
  • Presets - proposed configuration (in Dockerfiles repo)

Init system

  • dependent on your distribution [runit (void)]

Desktop environment

Available

  • ...

WMK mode:

  • GNOME (on Wayland)
  • KDE Plasma (on Wayland)
  • Phosh (Wayland only)
  • KDE Plasma mobile (Wayland only)

XSK mode:

  • GNOME (on Xorg)
  • KDE Plasma (on Xorg)
  • ... any other based on X (xfce4, lxde)

Note that I'm interested only in GNOME and Phosh but will accept pull request.

Network Mixing

  • TOR (service container) TODO
  • Sperated dedicated TOR browser (gui container) TODO
  • Loki (in container) TODO
  • User-defined VPNs (in containers) TODO

Security

Comparing to QubesOS

TODO

Comparing to traditional Linux distro

TODO

Comparing to Sandboxed apps (Flatpak, Snaps, AppImages)

TODO

Supported Linux distributions

Current:

  • ...

Work In Progress

  • Void Linux (Reasonably modular, stable but rolling, promoted by author)

Author won't support

  • Any commercial (open/close source) distribution unless you pay me and you are not from any government (Don't be pissed off with such behaviour, that's how this world is organized, I also need to earn money and be able to look at myself in mirror having in mind I haven't been working for people that don't/can't tell me whole truth while making controversial stuff)
  • Closed-source distributions, I'm open-source fan, also working with propietary software is much more unnecessary effort.
  • Ugly distributions (commercial or not, closed/open) that may have issues with user privacy (like inbuilt aggressive telemetry, backdoors) (Providing such services is unfair. If you try, I'll fight, please just leave this site for ever and don't make problem)
  • Suspected distributions, that may be(come) ugly but nobody has time to check it. Mainly data hungry big-tech designed. However if you can truly prove their integrity, I can move one to community section.
  • Legacy distributions - because of rare updates, you ruin security.
  • Niche distributions - due to lack of continuous security fixes or unnecessary sophisticated solutions.
  • Pragmatic distributions - In my opinion closed code has to be separated from open. Is it hard to distinguish it by placing in subrepos? No! So why do you create a mess?
  • Mother-based - in a nutshell - this is what should be already supported but you need slightly different configuration which takes time. It doesn't make sense unless you have e.g. repositories with battle-tested newer versions of apps like OpenSUSE (Slackware based).

Community

Listed Pragmatic, Niche and Mother-based, that someone decide to port without my help.

  • ...

Note that I promote stable edge distributions.

Design

TODO

Installation

  1. Distribution choice and prerequisites
  2. Manual Installation
    • UEFI options
    • Full disk encryption and partitioning
    • Services and utilities
    • Desktop Environment choice
    • Kernel hardening
    • Boot options
  3. Container images creation
  4. x11docker installation
  5. Remote access configuration (optional)

License

Please refer to this file: TODO

FAQ

TODO